PE_PARITE infection

entropy Yah-Der-Hey (Wisconsin)
edited May 2004 in Folding@Home
ok, my bro's trend micro internet security 11, all updates, found PE_PARITE in either the core or the console .exe. i'm pretty sure it got infected from elsewhere, but i guess it went and broke his sound and his cd drive. it also only seems to be a trend micro thing, because a google search gives the whole first page as trend micro related sites. any idea if it's possible at all that it came from the files themselves, and maybe it's detecting the WU transmitter and receiver as a virus/trojan?

Comments

  • edited May 2004
    OK that's a weird one there. I've never heard of the console or the core getting infected before, but I guess it could happen. I just did a search on Norton's site and this virus is also called the W32.Pinfi virus and this is their info here on the little bugger. It also tells you how to remove it.

    After you follow all the removal steps, I would suggest that you delete the console and the core executables, as it looks like this virus goes for .exe files, as well as .scr files to mess with.
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited May 2004
    entr0py wrote:
    ok, my bro's trend micro internet security 11, all updates, found PE_PARITE in either the core or the console .exe. i'm pretty sure it got infected from elsewhere, but i guess it went and broke his sound and his cd drive. it also only seems to be a trend micro thing, because a google search gives the whole first page as trend micro related sites. any idea if it's possible at all that it came from the files themselves, and maybe it's detecting the WU transmitter and receiver as a virus/trojan?

    Many viruses that go after .exe's do them at random. So, the first .exe it hit could be one of those without those coming onto his box while preinfected. I know my client and cores here are not infected with that virus, for example, so it is relatively unlikely that the files came in preinfected.

    One way to discern what is and is not true detect is to look at removal instructions. If only the first file is present and nothing else spoken of in the instructions for manual removal is present, MIGHT be a false hit. The safest way to handle this is to do as suggested, see if the next downloaded core and client show up as infected with same virus. What you could also do is look in the helps for your bro's AV, and see how to submit a suspicious file. Most folks who do AV want test files to check themselves and will tell you if the file is really virused or not-- so they provide a way, but follow it to the letter. Let trend micro take the file apart for you. The way to do this is NOT to delete the file, instead quarantine it. When you quarantine a file with AV, it is encrypted and not allowed to run. Quarantine both files, the client and any cores.

    Leave all other files that the client uses there. Go to the http://folding.stanford.edu/ website, get the client for the O\S you have, and stick it where the old client was. Run it normally, let it try to use the WU, finish it, and the client will grab the Core it needs for you. Replace and submit simply to get better knowledge of the file's actual content from Trend Micro.
    Replace is just for safety's sake, the submit is to KNOW more certainly after Trend Micro has a few days to take the file apart and compare to specimens they have of actually virused files. But, would say to be safe here since this is not a critical Windows file.