Author Topic: Win32:parite  (Read 5459 times)

surfy

  • Guest
Win32:parite
« on: July 29, 2010, 05:41:35 PM »
Hello,
I am trying to see if I have gotten rid of win32:parite infection.

Kaspersky online scanner and avast detected several infected files.

I used doctorweb-cure it but I am not sure how to tell if the computer is clean.

I have attached new OTL and Malwarebytes logs, and the Kaspersky log prior to using doctorweb.


I noticed that the file C:\WINDOWS\regedit.exe is missing.

The other annoying thing that is occurring is that when I try to open a file I get a "windows installer" opening and I don't know how to get that to stop.

Can anyone offer any advice? Do the logs show any signs of the infection remaining on the system?

Thank you in advance.


Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: Win32:parite
« Reply #1 on: July 29, 2010, 05:44:38 PM »
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Win32:parite
« Reply #2 on: July 29, 2010, 09:24:39 PM »
avast (even v4) is able to fully clean the infection

surfy

  • Guest
Re: Win32:parite
« Reply #3 on: July 29, 2010, 10:19:41 PM »
Thank you for your replies.

When I ran an avast scan it showed 253 files infected with the threat: win32:parite

I tried to move it to the chest but it said not enough disk space although there was 78 GB of free space.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89228
  • No support PMs thanks
Re: Win32:parite
« Reply #4 on: July 29, 2010, 11:55:05 PM »
Increase the size of the chest and max file size (to cater for large files), avast Settings, Chest, see image.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Jtaylor83

  • Guest
Re: Win32:parite
« Reply #5 on: July 30, 2010, 03:16:56 AM »
The best way to disinfect Parite is to do it in offline mode (at least a boot-time scan). Because Parite is polymorphic, it's best to disinfect your computer with System Restore turned off.
« Last Edit: July 30, 2010, 05:22:55 AM by Jtaylor83 »

surfy

  • Guest
Re: Win32:parite
« Reply #6 on: July 30, 2010, 09:04:15 AM »
Quote from: DavidR
Increase the size of the chest and max file size (to cater for large files), avast Settings, Chest, see image.

This is very good to know. I misunderstood what Avast was trying to tell me!

surfy

  • Guest
Re: Win32:parite
« Reply #7 on: July 30, 2010, 09:11:15 AM »
Quote from: Jtaylor83
The best way to disinfect Parite is to do it in offline mode (at least a boot-time scan). Because Parite is polymorphic, it's best to disinfect your computer with System Restore turned off.

I did a quick scan with Avast after using doctorweb-cure it and it shows no infected files. Should I do a boot time scan as well?
I have attached an OTL log. I don't know how to interpret this log.
I am trying to do a GMER scan as well, but the tool only reaches a certain point and then the computer restarts itself without letting the scan finish, therefore no log.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:parite
« Reply #8 on: July 30, 2010, 10:59:45 AM »
There are two elements to remove. However, on one of them you have blocked out the file path; you will need to insert that.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\wvcschm.sys -- (pkqltng)
O4 - Startup: C:\Documents and Settings\****\Start Menu\??????µµata\??????s?\LaunchU3.exe.lnk = C:\Documents and Settings\****\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
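
An added example, not part of essexboy's post or of OTL itself: a small Python parser for the two OTL entry shapes quoted in the fix above, run over a constructed sample log, which lists missing-file driver services and startup shortcuts for review. The sample paths, the function names and the empty-company heuristic are assumptions of this example.

```python
import re

# Constructed sample in the two entry shapes quoted in the post above; the
# paths, service name and the last line are invented for illustration.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\missing1.sys -- (orphansvc)
O4 - Startup: C:\Documents and Settings\alice\Start Menu\Programs\Startup\Tool.lnk = C:\Documents and Settings\alice\Application Data\Vendor\tool.exe ()
O4 - Startup: C:\Documents and Settings\alice\Start Menu\Programs\Startup\Sync.lnk = C:\Program Files\Sync\sync.exe (Example Corp)
some other log line that the parser ignores
"""

DRV_MISSING = re.compile(
    r"^DRV - File not found \[(?P<kind>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^\]]+)\]"
    r" -- (?P<path>.+?) -- \((?P<service>[^)]*)\)$")
STARTUP = re.compile(
    r"^O4 - Startup: (?P<link>.+?\.lnk) = (?P<target>.+?) \((?P<company>[^)]*)\)$")


def parse_otl(text):
    """Return one dict per line that matches either entry shape."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for tag, rx in (("driver_missing", DRV_MISSING), ("startup", STARTUP)):
            m = rx.match(line)
            if m:
                fields = {k: v.strip() for k, v in m.groupdict().items()}
                entries.append({"tag": tag, "line": line, **fields})
                break
    return entries


def review_list(entries):
    """Entries to look at first: driver services whose file is gone, and
    startup shortcuts whose target has no company name (treating an empty
    company as noteworthy is this example's assumption)."""
    return [e for e in entries
            if e["tag"] == "driver_missing"
            or (e["tag"] == "startup" and e["company"] == "")]


if __name__ == "__main__":
    for e in review_list(parse_otl(SAMPLE_LOG)):
        print(e["tag"], "->", e.get("path") or e["target"])
```

The output is a list for a human helper to review, not a verdict; each entry keeps its original `line` so it can be checked against the log.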

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Win32:parite
« Reply #9 on: July 30, 2010, 11:45:59 AM »
don't move the files to chest.. disinfect them with avast ;)

surfy

  • Guest
Re: Win32:parite
« Reply #10 on: July 30, 2010, 11:57:51 AM »
@Maxx_original
Thanks, I didn't know that!

@essexboy

Thank you very much for your reply.
I have attached the OTL logs.

surfy

  • Guest
Re: Win32:parite
« Reply #11 on: August 02, 2010, 10:05:50 AM »
Hello,
I have attached the OTL logs in my previous post.
I also ran a Kaspersky scan and have attached the log.

Is there anything I could do to remove the threats and infected objects?

Thank you in advance.