Home / malware Parite
First posted on 13 September 2006.
Source: SecurityHomeAliases :
Parite is also known as PE_PARITE, W32/Pate, Virus.Win32.Parite.b, W32/Parite, Win32.Parite, Parite.b, Virus.Win32.Parite, Win32.Pinfi.
Explanation :
Parite is a memory-resident polymorphic virus that infects executable files with EXE and SCR extensions. The virus can also infect files on connected network drives. The virus installs a dropper file onto the system.
Solution :
Disinfection of this virus should be done as follows:
- Disable network sharing or disconnect from the network
- Set real-time scanner (on-access scanner) action to 'Disinfect Automatically'
- Scan ALL files (not just selected ones) on all hard drives
- Disinfect all infected files, delete all files that can't be disinfected
- Restart the computer
- Scan all files again to ensure that no more infected files are left
- Disinfect all other computers on the network before enabling sharing or connecting the network
Please make sure that the computer is disconnected from the network while disinfection is done and that all computers in the same network are disinfected. Otherwise the virus will re-infect already disinfected computers on the network.
As the virus installs a dropper with a TMP extrension on the hard drive, it is recommended to add the TMP extension to the list of scanned extensions for both on-demand and real-time scanners of F-Secure Anti-Virus.
F-Secure also offers the special disinfection tool for Parite.A, .B and .C virus variants. This tool can be downloaded from our ftp site:
ftp.f-secure.com/anti-virus/tools/f-parite.zip
Please make sure you read these instructions before using the tool:
ftp.f-secure.com/anti-virus/tools/f-parite.txtLast update 13 September 2006
