Online
 
Wednesday, 07 January 2009
  
 
Home
English Language
Indonesia Language
Computer
Website
Gallery
Health
Ebook
Tips
Movies
Lyrics
Add Site
Free Super SEO
Tags
Wallpaper

Free Download Toolbar

 
Related Sponsor:
More article:
Related Content:

Viruse - Parite (Virus.Win32.Parite.b)
 

Virus of Parite 

Aliases of Parite.b viruses

Virus.Win32.Parite.b (Kaspersky Lab) is also known as: Win32.Parite.b (Kaspersky Lab), W32/Pate.b (McAfee),   W32.Pinfi (Symantec),   Win32.Parite.2 (Doctor Web),   W32/Parite-B (Sophos),   Win32/Parite.B (RAV),   PE_PARITE.A (Trend Micro),   W32/Parite (H+BEDV),   W32/Parite.B (FRISK),   Win32:BackDoor-Servu (ALWIL),   Win32/Parite (Grisoft),   Backdoor.FtpUServ.A (SOFTWIN),   W32/Parite.B (Panda),   Win32/Parite.B (Eset)

  • Sensible decrease in hard-drive free space;

  • A file about 180K, executable in temporary folder written in Borland C++;

  • Most exe files have over 200K in size.

    • The virus is a file infector that is composed of two parts: a small stub written in Assembler, appended to the files infected that decrypts the main virus body, also appended to the infected file. The main virus body is a PE file written in Borland C++ that it’s dropped in the Windows\TEMP directory (or whatever location temporary files have on your system).

     

    Last day i was scanning my Computer and Found Thousand virus parite:

    Scaning Parite Virus 


    The virus infects PE files, and searches for files with *.exe and *.scr extensions, on local drives, network drives and network shares on local network. Because the virus appends to every infected file the main body, which is ~180K in size, there should be a visible decrease in free space on your volumes. The virus doesn’t show it’s presence in any way, and does not use email for spreading.

    Versions A and B are mostly the same, while version C uses a somewhat tricky method of encrypting the original PE file’s entry point. Infected files have the last section’s name consisting of 3 randomly chosed letters followed by a non-printable character.

    If in your exe files the last section name is .jbd or .xgt or something like that, then it’s probably a file infected with Parite.

    The virus does not damage the file it infects.

    effect of parite virus

    Technical Remove:
    1. Klick on start button:
    Start - Windows XP


    2. Enter text: "regedit" (Not with Quote)
    Registry - Windows XP

    3.Enter or klick open
    Chose: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF]

    4. Remove Binary PINF on This Section.
    Parite Viruse - Delet

     

    5. Enter yes when need Confirmation & restart after delet

    Registry Confirmation for delet 

    6. Scann with Good Antivirus 

     

    Good Luck 

     

    Tags: Add more tags...,
    This entry was posted on . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a comment.
    Users' Comments (0)

    Comment an article
      Name
      E-mail
       Title
    Available characters: 4000
     Notify me of follow-up comments
    This image contains a scrambled text, it is using a combination of colors, font size, background, angle in order to disallow computer to automate reading. You will have to reproduce it to post on my homepage
    Enter what you see:

    No comment posted
    Cool Graphic Wallpaper 29
    Statistic


    Last Post

    		 
    Top!
    G-Map
    Copy Right ©2008 - Great Excess
    		 Top!