Threat Encyclopedia

W32/Parite.B

Analysis

  • Virus is 32-bit, with a size of 177,600 to 177,700 bytes
  • Virus writes its code to a file in the Windows\Temp folder in order to execute and infect other files – the created file will be 176,128 bytes and have a .TMP extension
  • Virus then creates a key in the registry –

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
    PINF = (HEX value representing the path and filename of the .TMP file created)

  • Virus will infect .EXE or .SCR files on the local system – the infected file will grow in size by a range of 177,600 to 177,700 bytes
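
The two host artifacts listed above (the PINF registry value and the 176,128-byte .TMP file in Windows\Temp) can be checked with a short PowerShell triage function. This is an added example, not vendor code: the function name and output fields are hypothetical, and decoding the PINF bytes as an ANSI path is an assumption.

```powershell
# Added triage example; the function name and output fields are hypothetical.
function Find-PariteBIndicators {
    $subKey  = 'Software\Microsoft\Windows\CurrentVersion\Explorer'
    $tmpSize = 176128   # size of the dropped .TMP file given in the analysis

    # 1. Look for the PINF value in every loaded user hive. HKEY_CURRENT_USER
    #    is a view of one of these, so this also covers other logged-on users.
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $path = "Registry::$($hive.Name)\$subKey"
        $prop = Get-ItemProperty -Path $path -Name 'PINF' -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }

        $raw = $prop.PINF
        if ($raw -is [byte[]]) {
            # Assumption: the bytes are the ANSI path of the .TMP file.
            $hex    = [System.BitConverter]::ToString($raw)
            $text   = [System.Text.Encoding]::Default.GetString($raw).Trim([char]0)
            $detail = "hex=$hex decoded='$text'"
        } else {
            $detail = "value='$raw'"
        }
        [pscustomobject]@{ Indicator = 'PINF registry value'; Location = $path; Detail = $detail }
    }

    # 2. Look for .TMP files of exactly the documented size in Windows\Temp.
    $tempDir = Join-Path $env:windir 'Temp'
    Get-ChildItem -Path $tempDir -Filter '*.tmp' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -eq $tmpSize } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = '.TMP file of 176,128 bytes'
                Location  = $_.FullName
                Detail    = "created $($_.CreationTime)"
            }
        }
}

Find-PariteBIndicators | Format-List
```

A size match on a .TMP file alone is only a lead; a hit on both indicators for the same host is the stronger signal.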

Recommended Action

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.