Virus:Win32/Parite.B (Microsoft), W32.Pinfi (Symantec), W32/Pate.b (McAfee), Virus.Win32.Parite.b (Kaspersky), W32/Parite-B (Sophos), Win32.Parite.b (Sunbelt)
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
This malware was involved in an attack targeting Banco de Brasil users during May 2013. It claimed itself to be a customized online banking browser that would allow users to access their accounts much more easily. Users with systems affected by this malware may find their online banking accounts compromised.
To get a one-glance comprehensive view of the behavior of this File infector, refer to the Threat Diagram shown below.
This File infector may be downloaded by other malware/grayware from remote sites.
It infects by appending its code to target host files.
It does not have any backdoor routine.
It does not have any downloading capability.
It does not have any information-stealing capability.
Arrival Details
This File infector may be downloaded by the following malware/grayware from remote sites:
Installation
This File infector adds the following mutexes to ensure that only one of its copies runs at any one time:
Other System Modifications
This File infector adds the following registry keys as part of its installation routine:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer
PINF =
File Infection
This File infector infects the following file types:
It infects by appending its code to target host files.
Backdoor Routine
This File infector does not have any backdoor routine.
Dropping Routine
This File infector drops the following files:
Download Routine
This File infector does not have any downloading capability.
Information Theft
This File infector does not have any information-stealing capability.
Other Details
This File infector does the following:
NOTES:
This file infector does not have rootkit capabilities.
It also does not exploit any vulnerability.
Step 2
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 3
Remove the malware/grayware file that dropped/downloaded PE_PARITE.A. (Note: Please skip this step if the threat(s) listed below have already been removed.)
Step 4
Remove the malware/grayware file dropped/downloaded by PE_PARITE.A. (Note: Please skip this step if the threat(s) listed below have already been removed.)
Step 5
Delete this registry key
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
Step 6
Scan your computer with your Trend Micro product to delete files detected as PE_PARITE.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information: