Virus.Win32.Parite

Detect Date 04/02/2009
Class Virus
Platform Win32
Description

The virus consists of a dropper, which is witten in assembler, and the virus part itself, written in Borland C++.

When an infected file is launched, the control flow is passed to the virus dropper, which writes the virus to a temporary file and executes its infection procedure.

The virus searches for Win32 EXE PE files with .scr and .exe

extensions on all logical drives of computer, and also in shared resources of local network, and infects them.

The virus doesn’t manifest itselfs presence in any way.

The structure of infected file looks like this:

Host file

Virus

dropper – drops “main” to TEMP dir and executes it.

main – searches for files and infects them, e.t.c.

This parasitic memory resident virus is functionally identical to Win32.Parite.a. It differs from Parite.a only in the key that it creates in the system registry:

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerPINF]