Virus:Win32/Parite.B


Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.


What to do now

To detect and remove this virus, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx

Threat behavior

The Win32/Parite virus is a polymorphic file infector. When run on a system, Win32/Parite takes the following actions:
  • Drops a dynamic link library (DLL) in the Windows Temp directory. The file name is derived from the system time at the moment of infection and uses the format <3 letters><4 hex characters>.tmp
  • Injects the DLL into the explorer.exe process and modifies the registry to point to that DLL:
    Adds subkey: PINF
    To key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
  • Infects all portable EXE and SCR files found on local and shared network drives.

Symptoms

The presence of the registry subkey HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF may be an indication of a Win32/Parite infection.
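
One way to check a host for the artifacts described above, as an added PowerShell example that is not part of the original entry. Searching both the per-user and the system Temp folder, the 'MZ' header test and the explorer.exe module check are assumptions layered on the entry's indicators; the entry does not name the values stored under PINF, so the script only lists whatever it finds there.

```powershell
# Added triage example: looks for the host artifacts this entry describes.
$keyPath     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF'
$namePattern = '^[A-Za-z]{3}[0-9A-Fa-f]{4}\.tmp$'   # <3 letters><4 hex characters>.tmp
# Assumption: "Windows Temp directory" may mean the per-user or the system Temp folder.
$tempDirs    = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp')) | Select-Object -Unique

function Test-MzHeader([string]$Path) {
    # True when the file starts with 'MZ', the signature of a PE image (EXE/DLL).
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $b = New-Object byte[] 2
            return ($fs.Read($b, 0, 2) -eq 2 -and $b[0] -eq 0x4D -and $b[1] -eq 0x5A)
        } finally { $fs.Dispose() }
    } catch { return $false }   # locked or unreadable file: treat as not confirmed
}

$findings = @()

# 1. Registry subkey listed under Symptoms; report every value it holds.
if (Test-Path -LiteralPath $keyPath) {
    $key = Get-Item -LiteralPath $keyPath
    $findings += [pscustomobject]@{ Artifact = 'Registry subkey'; Location = $keyPath; Detail = "$($key.ValueCount) value(s)" }
    foreach ($name in $key.GetValueNames()) {
        $findings += [pscustomobject]@{ Artifact = 'Registry value'; Location = "$keyPath [$name]"; Detail = [string]$key.GetValue($name) }
    }
}

# 2. Temp files whose name fits the pattern AND whose content is a PE image.
$candidates = foreach ($dir in $tempDirs) {
    Get-ChildItem -LiteralPath $dir -Filter '*.tmp' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match $namePattern -and (Test-MzHeader $_.FullName) }
}
foreach ($f in $candidates) {
    $findings += [pscustomobject]@{ Artifact = 'PE file in Temp'; Location = $f.FullName; Detail = "created $($f.CreationTime)" }
}

# 3. Modules that explorer.exe has loaded from a file with the same name pattern.
foreach ($p in (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
    try { $mods = $p.Modules } catch { continue }   # module list not readable for this process
    foreach ($m in $mods) {
        if ($m.FileName -and [System.IO.Path]::GetFileName($m.FileName) -match $namePattern) {
            $findings += [pscustomobject]@{ Artifact = 'Module in explorer.exe'; Location = $m.FileName; Detail = "PID $($p.Id)" }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'None of the artifacts described in this entry were found.' }
```

The Windows GetTempFileName API produces names of the same shape (a prefix of up to three characters, a hex number, .tmp), so a name match alone is weak evidence; the header test and the module check are there to narrow it. A hit from this script is a reason to run the full scan recommended above, not a substitute for it.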

Prevention


Alert level: Severe
First detected by definition: 1.45.287.0
Latest detected by definition: 1.175.2508.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Apr 04, 2007
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Win32/Pinfi.A (CA)
  • Win32/Parite.B (Kaspersky)
  • W32/Pate.b (McAfee)
  • W32.Pinfi (Symantec)
  • PE_PARITE.A (Trend Micro)