Win32.Parite.A/B/C

MEDIUM
LOW
~180K
(Win32/Parite)

Symptoms

  • Noticeable decrease in hard-drive free space;
  • An executable file of about 180K, written in Borland C++, in the temporary folder;
  • Most exe files are over 200K in size.

Removal instructions:

BitDefender can automatically disinfect or delete the files infected by this virus. The modified registry entries should be corrected manually.
 

  1. If you don't have BitDefender installed click here to download an evaluation version;

  2. Make sure that you have the latest updates using BitDefender Live!;

  3. Perform a full scan of your system (selecting, from the Action tab, the option Prompt user for action). Choose to disinfect all the files infected with Parite.

Analyzed By

Daniel Ionita, Vlad Craciun, BitDefender Virus Researcher.

Technical Description:

The virus is a file infector composed of two parts: a small stub written in Assembler, appended to infected files, which decrypts the main virus body, also appended to the infected file. The main virus body is a PE file written in Borland C++ that is dropped in the Windows\TEMP directory (or wherever temporary files are stored on your system).

The virus infects PE files, searching for files with *.exe and *.scr extensions on local drives, network drives and network shares on the local network. Because the virus appends the main body, which is ~180K in size, to every infected file, there should be a visible decrease in free space on your volumes. The virus doesn't show its presence in any way, and does not use email for spreading.

Versions A and B are mostly the same, while version C uses a somewhat tricky method of encrypting the original PE file's entry point. Infected files have the last section's name consisting of 3 randomly chosen letters followed by a non-printable character.

If the last section name in one of your exe files is .jbd, .xgt or something similar, the file is probably infected with Parite.
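The section-name check described above can be automated for triage. The following is an added example, not BitDefender's code: it reads the PE section table and tests the last section name against the pattern from the description. The function names, the optional leading dot, the exclusion of NUL padding and the sample byte 0x07 are assumptions made for illustration.

```python
import re
import struct

# Heuristic from the description: the last section name is three letters
# followed by a non-printable character. Assumptions: the leading dot seen in
# the ".jbd"/".xgt" examples is optional, NUL padding does not count as the
# non-printable character, and the remaining bytes of the field are ignored.
PARITE_NAME = re.compile(rb"\.?[A-Za-z]{3}[\x01-\x1f\x7f-\xff]")

def last_section_name(data: bytes) -> bytes:
    """Return the raw 8-byte name field of the last PE section header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("PE signature not found")
        (nsect,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
        (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    if nsect == 0:
        raise ValueError("no sections")
    # The section table follows the optional header; each entry is 40 bytes.
    last = pe_off + 24 + opt_size + 40 * (nsect - 1)
    name = data[last:last + 8]
    if len(name) != 8:
        raise ValueError("truncated section table")
    return name

def looks_like_parite(data: bytes) -> bool:
    """True when the last section name matches the pattern described above."""
    return PARITE_NAME.match(last_section_name(data)) is not None

def build_headers(names):
    """Constructed sample: DOS header, PE/COFF headers and section table only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0xE0, 0x102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + table

CLEAN = build_headers([b".text", b".data", b".rsrc"])
SUSPECT = build_headers([b".text", b".data", b".jbd\x07"])  # constructed name

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, last_section_name(image), looks_like_parite(image))
```

A match is only an indicator that a file deserves a scan; it does not confirm infection.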

The virus does not damage the file it infects.