Win32.Parite.a [KAV], W32/Pate.a [McAfee], Win32.Pinfi.A [CA], PE_PARITE.A [Trend], W32/Parite-A [Sophos]
Category: Computer Virus
Active & Spreading
Some parts of Asia, Europe, North and South America, Africa and Australia
11 Oct 2001
W32.Pinfi first appeared on October 11, 2001. It is a memory-resident polymorphic virus that infects .EXE and .SCR files. It also spreads through mapped drives and open network shares. The virus is also known as Win32.Parite.a, W32/Pate.a, Win32.Pinfi.A, PE_PARITE.A, W32/Parite-A and Win32/Parite.A. The affected operating systems are Windows 2000, 95, 98, Me, NT and XP.
W32.Pinfi Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Pinfi from your computer.
More details about W32.Pinfi
Once W32.Pinfi is executed, the virus adds the registry value PINF to a particular system registry key and appends itself to the Explorer.exe file to remain memory-resident. It also appends itself to all EXE and SCR files on all local and mapped drives. The virus's infection algorithm works slowly, infecting only a few files at a time. The virus then creates a temporary file in the temporary folder using a Windows API. This file is a UPX-packed executable. The virus can execute the temporary file, and through this UPX-packed executable it attempts to infect files over network shares.
W32.Pinfi connects to a remote server whose location is hard-coded in the virus. It then downloads files onto the infected computer. These files are generally installers for malware applications. The downloaded malicious software is installed and added to the system registry, which ensures the programs run at system startup. They can then run in the background. The new programs may be adware, spyware or other Trojan applications.