Parite virus

Name: Parite virus

Also known as: Pinfi, Pate, Win32.Parite.a, W32/Pate.a, W32.Pinfi, Win32.Pinfi.A, PE_PARITE.A, W32/Parite-A, Win32/Parite.A

Type: Memory-resident polymorphic file infector

Affects: EXE and SCR files on Windows 32-bit platforms

Discovered: October 15, 2001

Description: There are two viruses involved with a Parite infection. Parite.A drops Parite.B as a dll to the Windows Temp directory, designating a filename based on the current system time (at infection). The filename has the following format:

[3 letters][4 hex characters].tmp

Parite.A then invokes the INITIATE function within Parite.B, which then modifies the registry to point to itself:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF

Parite.B then infects the EXPLORER.EXE process, allowing it to remain resident in memory, after which Parite.B proceeds to infect all EXE and SCR files found on local and shared network drives. These files will be infected with Parite.A.