Win32/Parite.B virus?? False Positive?

Discussion in 'NOD32 version 2 Forum' started by LuckMan212, Dec 11, 2004.

Thread Status:
Not open for further replies.
  1. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    Hello,

    been using NOD32 v2.12.3, and recently I got a HUGE number of "Win32/Parite.B" virus alerts while scanning my server (via a mapped drive over the network). I am using signature 1.945 (20041211) db build 5037. Heuristics set to "Standard".

    I do weekly scans and also run a lot of other security apps like ProcessGuard, AdAware, Spybot, GIANT A.S., HijackThis etc. AFAIK I was clean so is this a false positive?

    Here's a screenshot of the recent scan I did:
    http://solvent-llc.com/files/nod32_1.png

    1,547 infections!? Do I need to totally reinstall my whole OS on that machine?? That would be a nightmare.... I just finished getting everything set up just right. Please tell me this is a false positive....
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You might need to use NOD32 for DOS to disinfect those files in DOS.
     
  3. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    I just ran a Trend Micro Housecall scan online and it found the same viruses, so I guess it wasn't a false positive... :rolleyes: :eek: :doubt: :( :mad: :'(

    guess I will clean them and reinstall the OS

    not sure how this happened!
     
  4. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    Parite is also known as Pinfi. We got it after installing all machines required for a conference (around 30), and after NAV2003 cleaning almost all cleansed EXEs were truncated, so we did a nightmare reinstall in 2 days. Also I got it at home, I still have the infected CD (tested NOD32 on it).
    But this was more than 2 years ago. The bastard is still active? daaamn...
     
  5. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    I am sorry that happened, luckman..
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You could try following the comprehensive steps found here. The steps mentioned use software that ought to be part of your security, as an absolute minimum. Once your system is clean, please don’t hesitate to ask further about using these and other security software to protect your computer.

    If you find Windows system files affected, you can place your Windows CD in the drive, click Start > Run, type in CMD, and when the black window opens, type in "sfc /scannow". SFC (System File Checker, a part of Windows File Protection) will replace any changed/damaged system files with a clean copy. SFC may not solve every problem, but it's a good start that anyone can do.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
    Last edited: Dec 12, 2004
  7. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    thanks for the help guys....

    what I did was:

    1. trend micro housecall
    2. cleaned infected files
    3. some files were locked/could not be cleaned
    4. rebooted in safe mode, deleted these files
    5. installed NOD32
    6. scan & disinfect again
    7. replaced corrupted files / had to reinstall a few apps
    8. full NOD32 scan again
    9. did a repair/upgrade install of win2k03 after I was sure I was clean

    system has been running like a champ ever since. looks like this is one of the less destructive viruses around, luckily. :p
     
  8. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    luckman, did you use nod32 to clean the files? or trend micro's housecall?
     
    Last edited: Dec 13, 2004
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Nod32 should have been able to do it in Safe Mode.

    Cheers :D
     
  10. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    I used both housecall AND nod32.... I used housecall first because I didn't have NOD32 installed on that machine, and I didn't want to risk installing NOD in an "infected" environment, figured I could at least knock down the virus for long enough to install NOD then do a FULL nod32 scan / clean.
    seemed to work..... :doubt: :rolleyes: ;) :D
     
  11. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    All I can say is WOW! :D
     