Description
Win32.Parite.2 is a memory-resident file infector, which affects computers running under Windows 95/98/Me/NT/2000/XP operating systems. Its main binary component is written in Borland C++ and is UPX - packed. The size of the virus is 176,128 bytes.
The virus capable of spreading across shared drives of the local network.
It infects files with .EXE and .SCR extensions on infected computers and in the local network. The virus appends its viral code thus increasing their length at 176,128 bytes.
Action
Being released on the infected computer the virus drops to the Windows\\Temp folder a randomly named dynamic library file , the name of which consists of alpha-numeric symbols and .TMP extension.
To mark its presence in the system in order to avoid repeated infection the virus creates a mutex named \"RESIDENTED\".
The worm adds the value
PINF
to the Windows system registry
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Explorer\\
At the beginning of the process of the file infection the worm creates additional section at the end of the file and then appends its viral code to it, thus increasing its length at 176,128 bytes.
The worm infects all executables on the infected machine. It also spreads across shared resources with write permission. As a result, nearly all executables on such shares may become infected in no time.
