Win32.Parite.B Virus Information
Information provided by Symantec.
W32.Pinfi
Discovered on: October 11, 2001
Last Updated on: July 31, 2003 10:50:46 AM

W32.Pinfi is a memory-resident polymorphic virus that will infect the .EXE and .SCR files. This virus can also spread via mapped drives and network shares.

Also Known As: Win32.Parite.a [KAV], W32/Pate.a [McAfee], Win32.Pinfi.A [CA], PE_PARITE.A [Trend], W32/Parite-A [Sophos], Win32/Parite.A [RAV]

Type: Virus
Infection Length: ~177,917 bytes



Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux

Virus Definitions (Intelligent Updater) *: October 12, 2001
Virus Definitions (LiveUpdate™) **: October 17, 2001

* Intelligent Updater definitions are released daily, but require manual download and installation.
** LiveUpdate virus definitions are usually released every Wednesday.

Wild:

Number of infections: More than 1000
Number of sites: More than 10
Geographical distribution: High
Threat containment: Moderate
Removal: Moderate

Threat Metrics

Wild: Low
Damage: Low
Distribution: Medium

Distribution
Shared drives: Copies across mapped drives and network shares.

Upon executing a file infected with W32.Pinfi, the virus will perform the following:

1. Adds the registry value:

PINF

to the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer

2. Appends itself to Explorer.exe to remain memory-resident.
Appends itself to all the .EXE and .SCR files that it finds on all the local and mapped drives. The virus contains an algorithm to slow the infection, so the virus will only infect a few files at a time.

3. W32.Pinfi creates a temporary file in the temporary folder, which it locates by using a Windows API. The temporary file always has a name of the following form:

[3 random letters][4 random hexadecimal digits].tmp


The file that the virus creates is a UPX-packed executable file. The virus will execute the temporary file, and it is this file that will attempt to infect files over network shares.
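
A defender-side triage sketch for the temp-file indicator described above, added here as an example and not taken from Symantec's write-up: it lists files in a folder whose name fits the stated pattern and whose PE section table carries the `UPX0`/`UPX1` section names that stock UPX writes (a packed file with renamed sections would not match). The function names and the sample files are constructed for illustration; the name pattern alone also fits ordinary temp files, and UPX is used by legitimate software, so hits are candidates for review.

```python
import re
import struct
from pathlib import Path
# Name format from the write-up: [3 random letters][4 random hexadecimal digits].tmp
NAME_RE = re.compile(r"[a-z]{3}[0-9a-f]{4}\.tmp", re.IGNORECASE)

def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if data is not a parseable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)       # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size                          # first section header
    names = []
    for i in range(n_sections):
        off = table + 40 * i                                  # 40-byte section headers
        if off + 8 > len(data):                               # truncated read or bad header
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage_temp_dir(temp_dir) -> list:
    """List files whose name fits the pattern AND whose PE sections are named UPX*."""
    findings = []
    for path in sorted(Path(temp_dir).iterdir()):
        if not path.is_file() or not NAME_RE.fullmatch(path.name):
            continue
        with path.open("rb") as fh:
            sections = pe_section_names(fh.read(4096))        # headers sit at the start
        if any(name.startswith("UPX") for name in sections):
            findings.append({"path": str(path), "sections": sections})
    return findings

def make_sample_pe(names) -> bytes:
    """Constructed sample: bare MZ/PE headers carrying the given section names."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    return dos + coff + b"".join(n.encode().ljust(40, b"\0") for n in names)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:                  # constructed test folder
        (Path(d) / "abc1F2E.tmp").write_bytes(make_sample_pe(["UPX0", "UPX1", ".rsrc"]))
        (Path(d) / "xyz00A1.tmp").write_bytes(make_sample_pe([".text", ".data"]))
        for hit in triage_temp_dir(d):
            print(hit["path"], hit["sections"])
```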

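A solution found online, for reference.
Preventing WIN32.Parite.a and Win32.Parite.a.dll

1. Set all .exe files under the d:\system\windows directory (except flcess.exe and sysexplorer.exe)
to read-only, and set the .exe files under the d:\bar directory to read-only;

2. Set the history directory under e:\profiles to read-only;

3. Disable the FileSystemObject file system object.

Method: find the scrrun.dll file and delete or rename it.

4. Omitted.
5. Install a firewall on the server (heh, don't assume it's impossible; choose a firewall made for diskless systems);

The following are extreme measures, as a follow-up to the disinfection steps; add them if you want to be safe:

6. The dedicated removal tool spant can be added to the startup group, so that workstations can clean the virus whenever they start;

7. Set all files to read-only (except the EXE files of online games);

8. Remove the IE browser to temporarily ride out the WIN32 virus wave

Permission control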

A sample CACLS script to lock down the filesystem permissions on new servers:

cacls c:\ /g administrators:f system:f users:r
cacls c:\*.* /t /c /g administrators:f system:f users:r
cacls c:\temp /e /p users:c
xcacls c:\winnt /e /t /g users:ex;ewx "creator owner":c
xcacls c:\winnt\repair /e /r users "creator owner"
xcacls c:\winnt\system32 /e /g users:ex;ewx "creator owner":c
xcacls c:\winnt\system32\spool /e /g "creator owner":f
xcacls c:\winnt\cookies /e /g users:c
xcacls c:\winnt\forms /e /g users:c
xcacls c:\winnt\history /e /g users:c
xcacls c:\winnt\occache /e /g users:c
xcacls "c:\winnt\temporary internet files" /e /g users:c
xcacls "c:\program files\microsoft office\office" /e /g users:ewxd;ewx
xcacls "c:\program files\microsoft office\templates" /e /g users:ewxd;ewx


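hofman   2005-05-12 23:24:46 Comments: 11   Views: 13756   Trackbacks: 0
Only six or seven hundred viruses? @2006-11-20 11:37:22  海盗 
I cleaned 1000 viruses today, and only 100000 files were scanned in total. A tenth of them are viruses.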
@2006-09-01 21:46:41  米兰的小铁匠
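Rising isn't that strong either. I think 东方卫士, which I use on my computer, is better, and it's free. Its only drawback is that updates are slow. 东方卫士 lists this virus as number one in this month's virus ranking. It kicked all 17 viruses and 4 trojans off my computer! {DFV3-HERCULES-58272020-1219} is its update serial number.    Download address: http://www.i110.com/down_upda.html
Virus win32.parite.b @2006-08-08 14:13:10  病毒 去死
Is this a benign virus or a malignant one? I have it too.
Safe mode @2006-08-02 21:37:11  hofman
This is an old virus. Boot the machine in safe mode; surely Rising won't fail to remove it. The dedicated removal tool clnpinfi.com can also deal with it.
Please help T0T @2006-08-02 20:46:00  风铃
My home computer is now infected with the WIN32.PARITE.A.DLL virus... The Rising software can't remove it... Please help.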
  396969199@qq.com
@2006-01-21 10:27:12  星星心
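It also infects the Rising antivirus software.
Sweat~~ @2005-12-19 19:05:56  啊灿
Use something else to clean it~
One scan and it's gone~~
I used an antivirus program that came free with 《电脑迷》 and everything was clean right away~~
In short~~~
You haven't invested enough~~~
If you can't afford to keep it, sell it to me for 50~~
Gaga~~~
Contact me, I'll help you. I spent a day getting the machine to get rid of it by itself @2005-12-19 18:21:59  小磊
Contact me, I'll help you. I spent a day getting the machine to get rid of it by itself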


byxiaolei@163.com


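QQ: 335804198 Verification message: 蚂蚁的窝
Dedicated removal tool @2005-12-06 20:11:33  hofman
The dedicated removal tool clnpinfi.com is pretty good; sorting out a single machine should not be a problem.
Why can't it ever be removed? Every time there are six or seven hundred @2005-12-06 19:52:28  宝哥
Brothers:
   Please help. My machine is now infected with the Win32.Parite.b virus. I scan with Rising antivirus every day, and every day there are six or seven hundred of these viruses. Why can't they ever be removed? Why is that? What do I have to do to remove them? I'm really scared; there are so many viruses on the machine every day, on drives C, D and E. I'm asking everyone to help me solve this problem!
Untitled @2005-09-29 11:45:52  过客
It still doesn't seem to be of much use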
