Also known as:
Pinfi, Pate, Win32.Parite.a, W32/Pate.a, W32.Pinfi, Win32.Pinfi.A, PE_PARITE.A, W32/Parite-A, Win32/Parite.A
Memory-resident polymorphic file infector
EXE and SCR files on Windows 32-bit platforms
October 15, 2001
There are two viruses involved with a Parite infection. Parite.A drops Parite.B as a dll to the Windows Temp directory, designating a filename based on the current system time (at infection).
The filename has the following format:
- [3 letters][4 hex characters].tmp
Parite.B then infects the EXPLORER.EXE process, allowing it to remain resident in memory, after which Parite.B proceeds to infect all EXE and SCR files found on local and shared network drives. These files will be infected with Parite.A.