Virus known as: Win32.Parite.a [KAV], W32/Pate.a [McAfee], Win32.Pinfi.A [CA], PE_PARITE.A [Trend], W32/Parite-A [Sophos], Win32/Parite.A [RAV]
Hello People,
my PC was infected by this virus too. I wrote several programs that are able to get only the infected code from exe files. Today I will write a virus scanner to get this virus away from my system, because Norman Antivirus is f*****g bullsh*t.
I reinstalled my system and formatted my HD and I executed an old infected exe file from my backup... (I fool). And then the virus was there again. But I was able to get and analyse the infected code. It's very difficult to get infected files because the infected code is encrypted with another code by the virus. But if you are interested in a virus scanner just send an email to daniel-platt@gmx.de and I will see if I get the scanner ready in the next days for you all :) to help you. I hate viruses and this was the first time ever my system was infected by a virus :-(
Important things how you can prevent a reinfection after reinstallation of Windows:
- Format ALL drives on your local hard disk
- Run fdisk and rewrite the boot sector on your HD (only to prevent a reinfection if the boot sector on the hard disk is infected)
- If you install new software you have burned on CD-ROM yourself, first scan the exe files on the CD with your virus scanner, because they may be infected
- Before reinstallation of Windows, you have to disconnect from the network to prevent reinfection
- Before you reconnect to the network, first scan the PCs on the network for this virus, and if they are infected you have to do the same procedure on each PC as described in the steps before, OR you have to disconnect each PC from the network and then let the virus scanner first clean each PC; after that you are able to reconnect and not get infected again
VERY IMPORTANT: If you do this step and all files are repaired by the virus scanner, REBOOT your system immediately (don't wait), because the virus causes a process (not visible in Task Manager) that is linked to explorer.exe. If you wait after the virus scanner repaired infected files, any new files will be infected again. Shutdown of your system means to pull the plug out of the power socket (sorry about my bad English.. I'm German).
I hope this will help you. I'm working on a virus scanner to remove this virus from my system. If you want that virus scanner just write to daniel-platt@gmx.de
With kind regards
Daniel Platt

Better and easier to get it off is to use the program Trojan Remover version 5.03.
This program works alone without manual assistance... easy to use and performant...
Trojan Remover at:
http://www.simplysup.com/tremover/details.html

All these people are wrong. I own a computer company and I think you should listen to me. Call your local 4th Dimension computing store and we'll help you dispose of your virus. That Trojan Remover is bad and will destroy everything on your computer. This virus is serious. You need professionals to do the job. First one's free. Give us a call. Trust me, we can help!

lol "Lil Cat" that's funny. I don't think it's the task of 4th Dimension... ;) I know this company, I think.
This week I have done the following with the pinfi virus:
Monday: I have cracked the encryption code of the pinfi virus (the code how it's encrypted in the exe file)
Tuesday: I have written a program that shows the changes in any exe file that pinfi makes
Wednesday: I have written a program that is able to extract the dll pinfi creates (see the temp file from pinfi in your temp folder ;))
Thursday: I have written a virus scanner for pinfi that will scan your registry for this virus and each exe file.
And today I will write an application to remove this virus from my exe files and from my system.
I think you should ask me next week if you wanna get rid of pinfi. I have the asm code of that virus and it has no file-deletion routines included (believe me). It uses UDP components to spread out and it's written in C++ (lol).
I only need to change back the PE headers of any exe file and then the exe is clean (I hope ^^)
So if you want to get in contact with me only write to (daniel-platt@gmx.de)
If you wanna use any Norton virus scanner or so that crashes your exe files, just do it. I won't stop ya. It's your task.
with kind regards
Daniel Platt

Hello People,
I have some little problems to change back my infected exe files because the virus changes so many different things in each exe, but I know now that the virus won't infect exe files without PE headers.
I need some more time. Please excuse me but I'm working hard to remove that virus. You will hear from me in the Future :-)
With kind regards
Daniel Platt

Hello People,
yesterday I removed the virus from my exe but only one last problem is given. I have to change back the entry point of the exe file to the old position. I hope I'm able to find it out.
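For readers following the PE-header and entry-point discussion above, here is an added triage example; it is not part of the original posts and is not the poster's scanner. It reads the PE headers of a file, reports which section the entry point falls in, and returns `None` for files without PE headers. Flagging an entry point in a writable last section (or outside every section) is a generic file-infector heuristic assumed here, not a confirmed property of this virus; the function names and the sample image are constructed for the demo.

```python
import struct

WRITE = 0x80000000  # IMAGE_SCN_MEM_WRITE

def entry_point_info(data):
    """Return (entry_rva, section, in_last_section, writable), or None if no PE header."""
    if len(data) < 64 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 60)[0]               # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 44:
        return None
    nsec = struct.unpack_from("<H", data, pe + 6)[0]          # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]     # SizeOfOptionalHeader
    entry = struct.unpack_from("<I", data, pe + 40)[0]        # AddressOfEntryPoint
    table = pe + 24 + opt_size                                # first section header
    for i in range(nsec):
        off = table + 40 * i
        if off + 40 > len(data):
            return None                                       # truncated section table
        name, vsize, va, rawsize = struct.unpack_from("<8sIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        if va <= entry < va + max(vsize, rawsize):
            return (entry, name.rstrip(b"\0").decode("latin-1"),
                    i == nsec - 1, bool(chars & WRITE))
    return (entry, None, False, False)                        # entry outside all sections

def needs_review(data):
    """Generic heuristic (assumption): entry point in a writable last section, or in none."""
    info = entry_point_info(data)
    return bool(info) and (info[1] is None or (info[2] and info[3]))

def build_sample_pe(entry_rva):
    """Constructed headers-only PE32 image with two sections, used as demo input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    def sec(name, va, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, va, 0x1000, 0, 0, 0, 0, 0, chars)
    return (dos + b"PE\0\0" + coff + bytes(opt)
            + sec(b".text", 0x1000, 0x60000020) + sec(b".xyz", 0x2000, 0xE0000020))

if __name__ == "__main__":
    for rva in (0x1010, 0x2040):
        print(hex(rva), entry_point_info(build_sample_pe(rva)))
```

To check a real file, pass `open(path, "rb").read()` to `entry_point_info`; a flagged result is a prompt to compare against a known-clean copy, not a verdict.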

Hello Again,
today I'm ready to remove 95% of the infected code of an exe file. But the file isn't executable after this, so I hope tomorrow I can make the final step. But I was wondering myself why any virus remover can't completely remove pinfi?! Pinfi is 100% removable on each infected file.

>i was wondering myself why any virus-remover can't completely remove pinfi?!
It could be because the virus scanner often runs after the system devices and startup programs, especially explorer.exe. Without properly shutting all non-essential programs down, the virus scanner can't access files that are in-use, such as those in the temp directory.

The file, which is 3 letters and one number.tmp (e.g. oka1.tmp, fcg3.tmp, etc.), attaches itself to explorer.exe, which will ALWAYS be running unless you access it using another OS. This is becoming a real pain in the ass trying to fix this piece of crap on a Sunday night...
