Solved

PE_Parite.A help

Posted on 2004-04-19
21
1,673 Views
Last Modified: 2013-12-04
hi,
I've been having trouble with my computer and was told it was a virus, so i got PC Cillin and found i had 1000 infected files with PE_Parite.A, after the scan i restarted my computer and all the files were infected again i dont know whats causing it if any1 can help i'd be grateul.

thank you
0
Comment
Question by:tonyxp
  • 6
  • 5
  • 4
  • +2
21 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 84 total points
ID: 10858169
Greetings tonyxp,

Check these links for online virus scanners.  It's recommended to run at least two of these.  
  Norton/Symantec --> http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
  Trend Micro -->     http://housecall.antivirus.com/housecall/start_corp.asp
  Panda ActiveScan--> http://www.pandasoftware.com/activescan/
  McAfee Security --> http://us.mcafee.com/root/mfs/default.asp
  Stinger -->         http://download.nai.com/products/mcafee-avert/stinger.exe

These links Check for Spyware:
  Spybot-S&D -->  http://www.safer-networking.org/
  HijackThis -->  http://www.spychecker.com/program/hijackthis.html
  Ad-Aware -->    http://www.netsecurity.about.com/library/blfreespyware.htm
  Web Shredder--> http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder
  Pest Patrol --> http://www.pestpatrol.com/downloads/eval/download.asp
  PCHell removal->http://www.pchell.com/support/spyware.shtml

  Make sure that after downloading these, that you update them.  It helps to try at least two of these.
  If all else fails, download HijackThis and post the log that is generated after running it on your system.
~sirbounty
0
 
LVL 32

Assisted Solution

by:Luc Franken
Luc Franken earned 83 total points
ID: 10858170
Hi tonyxp,

I assume you checked these pages:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_PARITE.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html

Make sure to disable system restore before cleaning.
Also make sure you check all workstations for the virus as it spreads through mapped drives and network shares.
What I suggest you to do is disconnect all computers from the network and scan all computer seperately for Parite.A

Greetings,

LucF
0
 
LVL 7

Assisted Solution

by:IceRaven
IceRaven earned 83 total points
ID: 10858191
Hi tonyxp,

You could be getting re-infected, this is a description of your virus here:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_PARITE.A

I would update PC Cillin,
Disconnect the comptuer from the internet / Network
Scan all the files,
Make sure you have the stay resident protection enabled in PC-Cillin
reboot the computer.
Scan again and see if you still have the problems.

Cheers,
IceRaven
0
 
LVL 7

Expert Comment

by:IceRaven
ID: 10858200
hmmm I think I am getting link envy, I only have one :)

Cheers,
IceRaven.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10858212
:)
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10858284
LOL
0
 

Author Comment

by:tonyxp
ID: 10858467
Thanks for repling i've tryed most of them but ill do it again to make sure. Whats troubling me is i run a anti-virus and it cleans most of them(but as you know they come back) and it cant clean the PE_parite.A-1 and on the website it says delete them but they hav infected system files like winlogon etc. in the task manager.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10858483
>>they hav infected system files like winlogon etc.<<
That's not possible, the virus can't attach to them as they are in use, these are bogus files with the same name as the official winlogon.exe Try scanning from safe mode.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10858495
You can try the following method to eliminate items from startup:
  Click Start->Run->MSCONFIG

  In the Startup tab, start out by disabling everything you're unfamiliar with (or everything if you're unsure).
  Optionally, you can also disable non-Microsoft services from the Services tab.
  If the problem no longer exists after a reboot, then you can narrow it down as one of the items in your
  startup.  To permanently remove these item(s), proceed as follows...

  Click Start->Run->Regedit
  *Be careful when editing the registry as an accidental deletion can render your system inoperable.
  First navigate to the following key in the registry:
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
   *You might also find RunOnce, RunOnceEx, RunServices, RunServiceOnce or any of these with a trailing dash (-)

  Once found, click File, Export to save a copy of the key before you delete any items (if necessary).
  After the file has been saved, delete items as needed from the right pane.
  Now find the next startup key:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
   *You might also find RunOnce, RunServices, RunServiceOnce or any of these with a trailing dash (-)
  Follow the previous procedures to export a copy before deleting items from the right pane.

You could also post the log from HijackThis - if it's there, we'll find it... ;)
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 7

Expert Comment

by:IceRaven
ID: 10858535
Just noticed that PC Cillian Recommends you DELETE all files marked as
PE_PARITE.A-1, rather than clean them.

Just thought I would bring that up, I am guessing that they are bogus files as LucF says.

Cheers,
IceRaven.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10858660
Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:tonyxp
ID: 10859903
nope tryed all of them ideas got all virus's wiped cleared redgistry and scan adware with alot of pograms but the only 1 i couldnt get rid of wasa virus in the anti-virus so idownloaded another 1 and wiped it and quess what they all cam back again.

there must be a master file some where.

thanks fr help by the way
0
 

Author Comment

by:tonyxp
ID: 10860549
ive just used panda scan and it found 100 when the other 1 found 1000 (dont know whats happining there) anyway it couldnt disinfect 4 files and in the log it said operating system instead of a file name and that doesnt sound good if ne1 can help.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10860568
Again, have you tried scanning from safe mode?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10863199
Second that...Safe mode.
Either F8 before Windows loads, or MSConfig, as outlined previously - Boot.ini tab - select Safe Boot
0
 

Author Comment

by:tonyxp
ID: 10863748
yea ive tryed it in safe mode, my pc is stable now but im still worried they might start up again so if ne1 has more ideas I'd love to hear them

thank you
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10863788
have you started updating windows yet?
Have you made sure all other computers in the network are clean?
0
 

Author Comment

by:tonyxp
ID: 10864581
yea ive updated all my windows files but i dont understand what u mean by all the computers i only have 1 connected to aol.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10866421
As this virus spreads over network shares. I just wanted to make sure no other computer on the network could infect your computer again.

Just wondering, you do have a firewall on your computer, don't you?
If you don't, get something like ZoneAlarm => http://www.zonelabs.com the free version will suit all your needs.

LucF
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now