Win32.Parite A/B/C
A dangerous virus that will keep spreading on *.exe files that size over 200kb..
The virus is a file infector that is composed of two parts: a small stub written in Assembler, appended to the files infected that decrypts the main virus body, also appended to the infected file. The main virus body is a PE file written in Borland C++ that it’s dropped in the Windows\TEMP directory (or whatever location temporary files have on your system).
The virus infects PE files, and searches for files with *.exe and *.scrextensions, on local drives, network drives and network shares on local network. Because the virus appends to every infected file the main body, which is ~180K in size, there should be a visible decrease in free space on your volumes. The virus doesn’t show it’s presence in any way, and does not use email for spreading.
Versions A and B are mostly the same, while version C uses a somewhat tricky method of encrypting the original PE file’s entry point. Infected files have the last section’s name consisting of 3 randomly chosed letters followed by a non-printable character.
If in your exe files the last section name is .jbd or .xgt or something like that, then it’s probably a file infected with Parite.
Solution :
http://www.bitdefender.com/site/Downloads/downloadRemovalTool/
Click the link to download the anti virus to remove the virus..
No comments:
Post a Comment