New Virus?
Moderator: Thanas
- Soontir C'boath
- SG-14: Fuck the Medic!
- Posts: 6853
- Joined: 2002-07-06 12:15am
- Location: Queens, NYC I DON'T FUCKING CARE IF MANHATTEN IS CONSIDERED NYC!! I'M IN IT ASSHOLE!!!
- Contact:
I just came home and started a scan on my comp. and found the w32/pate.a virus/worm whatever in my computer.... Just wondering if anyone knows about it and what it does....cause I just checked Norton and they didn't have it in their database.
~Jason
I have almost reached the regrettable conclusion that the Negro's great stumbling block in his stride toward freedom is not the White Citizen's Counciler or the Ku Klux Klanner, but the white moderate, who is more devoted to "order" than to justice; who constantly says: "I agree with you in the goal you seek, but I cannot agree with your methods of direct action"; who paternalistically believes he can set the timetable for another man's freedom; who lives by a mythical concept of time and who constantly advises the Negro to wait for a "more convenient season."
- Faram
- Bastard Operator from Hell
- Posts: 5271
- Joined: 2002-07-04 07:39am
- Location: Fighting Polarbears
Virus Profile
Virus Information
Name: W32/Pate.b.worm
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 10/15/2001
Date Added: 9/13/2002
Origin: Unknown
Length: 177kb
Type: Virus
SubType: Worm
DAT Required: 4167
Virus Family Statistics (over the past 30 days)
Virus Name | Infected Files | Scanned Files | % Infected Computers
Crepate.mp | 0 | 0 | 0.00
Crepate.mp.1944 | 0 | 0 | 0.00
Crepate.mp.2910 | 0 | 0 | 0.00
W32/Pate | 570 | 82,060 | 0.00
W32/Pate.a | 1,871 | 1,519,569 | 0.00
W32/Pate.a.tmp | 34 | 514,763 | 0.00
W32/Pate.b | 2,122 | 197,573 | 0.00
W32/Pate.b.tmp | 7 | 134,063 | 0.00
Virus Characteristics
This is an encrypted parasitic file-infecting virus and network aware worm. It appends PE EXE and SCR files in the Windows directory and subdirectories on the local system, as well as on any accessible network share. The virus creates an additional PE section with a random 3 letter section header followed by the character "•".
The virus creates the following registry key:
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF
The virus may mis-infect files with an incomplete virus body. These damaged samples are detected as W32/Pate.b.dam, cannot be repaired, and should be deleted and restored from backup.
Indications of Infection
- Increase in file size by approximately 177Kb
- Presence of aforementioned registry key
Method of Infection
The virus drops a UPX packed executable in the WINDOWS TEMP directory and executes it. This file is 176,128 bytes in length, contains a random filename and a .TMP extension. The virus enumerates all network shares and infects all PE .EXE and .SCR files that it has write access to.
Removal Instructions
Use specified engine and DAT files for detection and removal.
Infected systems should be removed from the network and repaired prior to placing them back on to the network. Failure to do so can result in further infections.
As this threat seeks open shares, turn off full share to your system. If you have to use shares, use password protection to avoid being a future target.
Additional Windows ME/XP removal considerations
Aliases
PE_PARITE.A (Trend), W32.Pinfi (Symantec), W32/Parite-B (Sophos), W32/Parite.B (F-Prot), W32/Parite.B (Panda), W32/Pate.b.tmp, Win32.Parite.b (AVP), Win32.Pinfi.A (CA)
"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus
Fear is the mother of all gods.
Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
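An added example, not part of the original posts or the vendor write-up: a triage check for the two file-level indicators in the profile above (an extra PE section named with three letters plus one odd character, and a 176,128-byte executable with a .TMP extension). The function names are hypothetical, the sample header is constructed, and treating the fourth name byte as "any non-alphanumeric byte" is an assumption, since the page only shows it rendered as "•".

```python
import re
import struct

# Indicator from the profile: an added PE section whose name is three letters
# followed by one character shown on the page as a bullet. Assumption: that
# fourth byte is matched here as any byte that is not alphanumeric, '.', '_', '$' or NUL.
SUSPECT_NAME = re.compile(rb"[A-Za-z]{3}[^A-Za-z0-9._$\x00]\x00*\Z")
DROPPED_TMP_SIZE = 176_128  # size of the dropped .TMP file given in the profile


def pe_section_names(data: bytes) -> list[bytes]:
    """Return the raw 8-byte section names of a PE image, or [] if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    n_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(n_sections):
        off = table + 40 * i
        if off + 40 > len(data):  # truncated section table: stop, do not guess
            break
        names.append(data[off:off + 8])
    return names


def suspicious_sections(data: bytes) -> list[bytes]:
    """Section names matching the three-letters-plus-odd-byte pattern."""
    return [n for n in pe_section_names(data) if SUSPECT_NAME.match(n)]


def looks_like_dropped_tmp(filename: str, data: bytes) -> bool:
    """True for a .TMP file of exactly the profiled size that starts with 'MZ'."""
    return (filename.lower().endswith(".tmp")
            and len(data) == DROPPED_TMP_SIZE and data[:2] == b"MZ")


def build_sample_pe(section_names: list[bytes]) -> bytes:
    """Constructed minimal PE header (not a real program) for exercising the parser."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections
```

A match is only a reason to scan the file with an up-to-date engine; the name pattern and the size check can both produce false positives.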
- Soontir C'boath
- SG-14: Fuck the Medic!
- Posts: 6853
- Joined: 2002-07-06 12:15am
- Location: Queens, NYC I DON'T FUCKING CARE IF MANHATTEN IS CONSIDERED NYC!! I'M IN IT ASSHOLE!!!
- Contact:
Thank you so much.
~Jason