
Dormant Worm.Parite Came Back to Life



#1 KGarrard


Posted 11 July 2014 - 11:14 AM

Hello and good afternoon :)

 

So just yesterday I ran a scan on my computer, and a Worm.Parite bug showed up in quarantine. Not the first time this virus appeared, thought it was done for but apparently not. I deleted it, rebooted, came back and was then unable to open Chrome or my antivirus. I tried AVG's Parite Remover tool on boot, rebooted, used it again to see if all was gone but the window closed before the scan finished. Malwarebytes' library is corrupted and I can't update it since on my computer I can't get online. Most I know is that it's messing around in my Temp folder since that's the area that the AVG tool had scanned before it closed. Any tips, or am I really screwed this time? ^^;


Edited by KGarrard, 11 July 2014 - 11:16 AM.




#2 kaz20


Posted 11 July 2014 - 11:16 AM

Have you tried this all in safe mode?



#3 xXToffeeXx

  • Malware Response Instructor

Posted 11 July 2014 - 11:34 AM

Hi,

 

You can try this remover from BitDefender and see if it will remove it.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 KGarrard


Posted 11 July 2014 - 11:38 AM

I've tried running it in safe mode but the same thing happens. :( That or I get a message saying that Malwarebytes is unable to complete the scan.
And thanks, xXToffeeXx, I'll try running that from my USB and post on how it goes.



#5 xXToffeeXx


Posted 11 July 2014 - 11:44 AM

Hi KGarrard,

 

Let me know how it went once it's done, and if it's no good then there are a few more things you could do.

 

xXToffeeXx~




#6 KGarrard


Posted 12 July 2014 - 11:26 AM

I ran it, it disinfected four files but I was still unable to access Chrome, and Malwarebytes still wouldn't scan. AVG closes after accessing the user Application Data folder, too. :( And now I can't even use my mouse and keyboard.



#7 xXToffeeXx


Posted 12 July 2014 - 11:49 AM

Hi KGarrard,

 

Seems the worm took hold pretty well. It may be quicker to reinstall Windows, but you can try Kaspersky Rescue Disk and then scanning with it (I suggest not selecting delete as an option).

 

Worm:Win32/Parite is a file infector which targets and infects .exe and .scr files, so whenever an infected exe or scr is run the worm can spread and infect more exe and scr files.

Parite is commonly spread via a flash drive (USB, pen, thumb, jump) where it can infect executable files on local, removable and remote shared drives. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

 

xXToffeeXx~
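
Because Parite infects .exe and .scr files on removable drives, a flash drive carried to the infected PC can have its own tools infected. The sketch below is an added example, not part of the original posts: run from a known-clean machine, it records SHA-256 hashes of every .exe/.scr on a drive and later reports which ones changed; the function names and command-line usage are assumptions made for this illustration.

```python
import hashlib
import json
import sys
from pathlib import Path

# File types the thread says Parite targets.
TARGET_EXTS = {".exe", ".scr"}

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map relative path -> {size, sha256} for every .exe/.scr under root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in TARGET_EXTS:
            manifest[p.relative_to(root).as_posix()] = {
                "size": p.stat().st_size,
                "sha256": sha256_file(p),
            }
    return manifest

def compare(baseline: dict, current: dict) -> dict:
    """Report executables that changed, appeared or vanished since the baseline."""
    changed = []
    for name in sorted(baseline.keys() & current.keys()):
        old, new = baseline[name], current[name]
        if old["sha256"] != new["sha256"]:
            # A size delta is a useful hint: file infectors usually add bytes.
            changed.append((name, new["size"] - old["size"]))
    return {
        "changed": changed,
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

if __name__ == "__main__":
    # Usage (hypothetical): manifest.py baseline|verify <drive_root> <manifest.json>
    mode, root, manifest_path = sys.argv[1], Path(sys.argv[2]), Path(sys.argv[3])
    if mode == "baseline":
        manifest_path.write_text(json.dumps(build_manifest(root), indent=2))
    else:
        report = compare(json.loads(manifest_path.read_text()), build_manifest(root))
        print(json.dumps(report, indent=2))
        sys.exit(1 if any(report.values()) else 0)
```

Keep the manifest file off the flash drive itself, and run the verify step only on a machine known to be clean, since opening the drive on the infected PC is what exposes its executables.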




#8 KGarrard


Posted 12 July 2014 - 12:00 PM

Sounds pretty serious, to understate :( I've downloaded both the rescue disk and the USB utility onto a flash drive. I won't be back at home with my computer for a little bit, but I'll let you know how it goes as soon as I've used it! Thank you so much for your help, too. I made the silly mistake of visiting a keygen site almost a year ago, looks like it came back to bite me in the butt ^^:



#9 xXToffeeXx


Posted 14 July 2014 - 11:41 AM

Hi KGarrard,

 

Yes, using keygens and whatnot can cause big problems, hence why it's better to stay away if not for the piracy reason. File infectors are normally a pretty big deal, and tend to be difficult to remove fully.

 

xXToffeeXx~




#10 KGarrard


Posted 15 July 2014 - 12:30 PM

I ran the Rescue Disk from a USB drive and it found a Blackhammer virus hanging out in one of my game folders. :) Unfortunately I then logged into Windows and my antivirus and internet are still screwy. Maybe I should reinstall them? I wasn't able to update the disk at home, but am doing so now. Maybe it'll pick up on something else once the update's done and I scan everything again..



#11 xXToffeeXx


Posted 15 July 2014 - 02:18 PM

Hi KGarrard,

 

Yes, I'd perhaps try reinstalling the programs which aren't working. I would be interested to see a Malwarebytes scan if you can get it working.

 

xXToffeeXx~






