Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

W32/Pate.b worm - please help if you can.

Status
Not open for further replies.
Banjoh

Banjoh

Technical User
Sep 5, 2003
1
NZ
I have been struck with W32/Pate.b worm (also known as Parite) .. and no matter what I do, it just won't go away.

Can anyone help?

Things I have done over the last few days:

Removed all my drives except C.
Deleted all programs and files that I can live without.

Cleaned all the infected files with McAfee (About 1200 exe and scr files!)
Removed the PINF entry in the Registry.
Removed the random TXT file in Windows/Temp (via DOS)

Shut down - Cold booted.

The infection comes back.

Downloaded and ran various other anti-virus software (NOD 32, Cleaner3, fp-prot/win)
Re-cleaned my files. Re-fixed the registry. Re-removed the random Windows/Temp file.

Still no luck.

None of the antivirus software seems to root out the cause, just the symptoms.

Has anyone managed to exorcise this vile pestilence (a thousand curses on all #%&! virus creators!) from their machine?

I am close to wiping my drives and starting over, but it's such a hassle I can't bear to think of it just yet.

Any help would be GREATLY appreciated.

Thanks,
Banjo.
 
Sort by date Sort by votes
What OS are you are you using? It sounds like System Restore is restoring the files that you are deleting. If you are using Windows ME or Windows XP you will need to disable system restore before you remove the infected files.
 
Upvote 0 Downvote
Are you on a network? This is a network aware worm. It could be infecting you from somewere else on the network. Turn off all your shares (including administrative shares) to see if this stops it from coming back.
 
Upvote 0 Downvote
Parite if i remember correctly embeds itself in explorer.exe, here is the link about it on sarc.com.



I had this on a family member's machine, i had to delete all the files that are infected, one would not delete in c:\winnt\temp. There was a .tmp file there that was infected and would not delete. So from task manager i killed explorer.exe, then started a new task called explorer.exe, then i was able to delete that file. After that the next scan came up clean.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
768
Yoko Littner
Yoko Littner
Shimmy613
  • Locked
  • Question
Avira Free: "Your computer is not secure! A Service is not working correctly"
Replies
14
Views
485
ChrisHirst
ChrisHirst
CCX008
  • Locked
  • Question
Barowwsoe2save , how can I remove this stubborn virus !! 3
Replies
10
Views
249
goombawaho
goombawaho
harebrain
  • Locked
  • Question
Does Microsoft call you? 10
Replies
15
Views
234
jlockley
jlockley
BionicJohn
  • Locked
  • Question
URUASY.A Ransomware Trojan - Help needed with removal
Replies
6
Views
194
BionicJohn
BionicJohn

Part and Inventory Search

Sponsor

Back
Top