W32/Pate.b worm (also known as Parite)

MuDiDi

I have been struck with this kind of virus these days ... and no matter what I do, it just won't go away.

Can anybody help?

Things I have done:

Cleaned all the infected files with McAfee.
Removed the PINF entry in the Registry.
Shut down - Cold booted.

The infection comes back.
 
TRY TO KILL THEM UNDER DOS BY KV3000
 
Hi, if you know how to solve this virus problem, could you please tell me?
Thank you so much.
 
Upon executing a file infected with W32.Pinfi, the virus will perform the following:


Adds the registry value:

PINF

to the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer


Appends itself to Explorer.exe to remain memory-resident.


Appends itself to all the .EXE and .SCR files that it finds on all the local and mapped drives. The virus contains an algorithm to slow the infection, so the virus will only infect a few files at a time.


W32.Pinfi (W32/Pate.b worm) will create a tempfile in the temporary folder. It will get the temporary folder by using a Windows API. The tempfile that this virus creates will always have the following name:

[3 random letters][4 random hexadecimal digits].tmp


The file that the virus creates is a UPX-packed executable file. The virus will execute the temporary file, and it is this file that will attempt to infect files over network shares.
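
A defensive sweep for the temp-file artifact described in the post above, as an added example that is not part of the original thread: it lists files in the temporary folder whose names match the `[3 letters][4 hex digits].tmp` pattern and whose contents look like a UPX-packed executable. The function names, the case-insensitive name match and the 4 KB header window are assumptions of this example.

```python
import os
import re
import tempfile

# Name pattern from the description: 3 letters + 4 hex digits + ".tmp".
# Assumption: letter/hex case is not stated in the thread, so match both cases.
NAME_RE = re.compile(r"^[A-Za-z]{3}[0-9A-Fa-f]{4}\.tmp$")

# Section names and magic string that the UPX packer leaves in a packed file.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def looks_like_upx_pe(path, head_bytes=4096):
    """True if the file starts with a DOS 'MZ' header and shows UPX markers early on."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(head_bytes)
    except OSError:
        return False  # locked or unreadable file: skip rather than abort the sweep
    return head.startswith(b"MZ") and any(m in head for m in UPX_MARKERS)


def find_suspect_tempfiles(folder=None):
    """Return sorted paths in `folder` that pass both the name and the UPX check."""
    folder = folder or tempfile.gettempdir()
    hits = []
    for entry in os.scandir(folder):
        # Ordinary .tmp files are common; require name AND content to match.
        if entry.is_file(follow_symlinks=False) and NAME_RE.match(entry.name):
            if looks_like_upx_pe(entry.path):
                hits.append(entry.path)
    return sorted(hits)


if __name__ == "__main__":
    for path in find_suspect_tempfiles():
        print("suspect:", path)
```

A hit is a lead for further inspection, not a verdict: legitimate software also ships UPX-packed binaries.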
 