Parite virus

106 31
Name:

Parite virus

Also known as:

Pinfi, Pate, Win32.Parite.a, W32/Pate.a, W32.Pinfi, Win32.Pinfi.A, PE_PARITE.A, W32/Parite-A, Win32/Parite.A

Type:

Memory-resident polymorphic file infector

Affects:

EXE and SCR files on Windows 32-bit platforms

Discovered:

October 15, 2001

Description:

There are two viruses involved with a Parite infection. Parite.A drops Parite.B as a dll to the Windows Temp directory, designating a filename based on the current system time (at infection).


The filename has the following format:
  • [3 letters][4 hex characters].tmp
Parite.A then invokes the INITIATE function within Parite.B, which then modifies the registry to point to itself:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF

Parite.B then infects the EXPLORER.EXE process, allowing it to remain resident in memory, after which Parite.B proceeds to infect all EXE and SCR files found on local and shared network drives. These files will be infected with Parite.A.

Vendor Descriptions:
Subscribe to our newsletter
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
You can unsubscribe at any time

Leave A Reply

Your email address will not be published.