Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.

What to do now

To detect and remove this virus, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner ( For more information, visit

Threat behavior

The Win32/Parite virus is a polymorphic file infector. When run on a system, Win32/Parite takes the following actions:
  • Drops a dynamic link library (DLL) to the Windows Temp directory, composing the name based on the current system time at the time of infection, using the format <3 letters><4 hex characters>.tmp
  • Injects the DLL into the explorer.exe process and modifies the registry to point to that DLL:
Adds Subkey: PINF
To key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
  • Infects all portable EXE and SCR files found on local and shared network drives.


The presence of registry subkey HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF may be indication of a Win32/Parite infection.


Alert level: Severe
First detected by definition:
Latest detected by definition: 1.183.2422.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Apr 04, 2007
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Win32/Pinfi.A (CA)
  • Win32/Parite.B (Kaspersky)
  • W32/Pate.b (McAfee)
  • W32.Pinfi (Symantec)
  • PE_PARITE.A (Trend Micro)