|
|
| Home | Antiviruses | Articles | Anti-spam | Forum | Scan | Buy |
Win32.Parite.A/B/C (Information from BitDefender)Symptoms:
The virus is a file infector that is composed of two parts: a small stub written in Assembler, appended to the files infected that decrypts the main virus body, also appended to the infected file. The main virus body is a PE file written in Borland C++ that it's dropped in the Windows\TEMP directory (or whatever location temporary files have on your system). The virus infects PE files, and searches for files with *.exe and *.scr extensions, on local drives, network drives and network shares on local network. Because the virus appends to every infected file the main body, which is ~180K in size, there should be a visible decrease in free space on your volumes. The virus doesn't show it's presence in any way, and does not use email for spreading. Versions A and B are mostly the same, while version C uses a somewhat tricky method of encrypting the original PE file's entry point. Infected files have the last section's name consisting of 3 randomly chosed letters followed by a non-printable character. If in your exe files the last section name is .jbd or .xgt or something like that, then it's probably a file infected with Parite. The virus does not damage the file it infects. Removal tool:
Download Removal Tool from BitDefender's website
|
Virus and security arcticles
 
|
|
|||
| © AntivirusWorld.com |