Win32.Parite.A/B/C (Information from BitDefender)
- Sensible decrease in hard-drive free space;
- A file about 180K, executable in temporary folder written in Borland C++;
- Most exe files have over 200K in size.
The virus is a file infector that is composed of two parts: a small stub written in Assembler, appended to the files infected that decrypts the main virus body, also appended to the infected file. The main virus body is a PE file written in Borland C++ that it's dropped in the Windows\TEMP directory (or whatever location temporary files have on your system).
The virus infects PE files, and searches for files with *.exe and *.scr extensions, on local drives, network drives and network shares on local network. Because the virus appends to every infected file the main body, which is ~180K in size, there should be a visible decrease in free space on your volumes. The virus doesn't show it's presence in any way, and does not use email for spreading.
Versions A and B are mostly the same, while version C uses a somewhat tricky method of encrypting the original PE file's entry point. Infected files have the last section's name consisting of 3 randomly chosed letters followed by a non-printable character.
If in your exe files the last section name is .jbd or .xgt or something like that, then it's probably a file infected with Parite.
The virus does not damage the file it infects.
Download Removal Tool from BitDefender's website