Win32:parite

Hello,
I am trying to see if I have gotten rid of the win32:parite infection.

Kaspersky online scanner and avast detected several infected files.

I used doctorweb-cure it but I am not sure how to tell if the computer is clean.

I have attached new OTL and Malwarebytes logs, and the Kaspersky log from prior to using doctorweb.

I noticed that the file C:\WINDOWS\regedit.exe is missing.

The other annoying thing that is occurring is that when I try to open a file I get a "windows installer" opening and I don’t know how to get that to stop.

Can anyone offer any advice? Do the logs show any signs of the infection remaining on the system?

Thank you in advance.

hello/geia sou file

this will help you http://www.symantec.com/security_response/writeup.jsp?docid=2003-011708-2030-99&tabid=3

avast (even v4) is able to fully clean the infection

Thank you for your replies.

When I ran an avast scan it showed 253 files infected with the threat: win32:parite

I tried to move it to the chest but it said not enough disk space although there was 78 GB of free space.

Increase the size of the chest and max file size (to cater for large files), avast Settings, Chest, see image.

The best way to disinfect Parite is to do it in offline mode (at least a boot-time scan). Because Parite is polymorphic, it’s best to disinfect your computer with System Restore turned off.

This is very good to know. I misunderstood what Avast was trying to tell me!

I did a quick scan with Avast after using doctorweb-cure it and it shows no infected files. Should I do a boot time scan as well?
I have attached an OTL log. I don’t know how to interpret this log.
I am trying to do a GMER scan as well, but the tool only reaches a certain point and then the computer restarts itself without letting the scan finish, therefore no log.

There are two elements to remove; however, on one of them you have blocked out the file path, so you will need to insert that.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\wvcschm.sys -- (pkqltng)
O4 - Startup: C:\Documents and Settings\****\Start Menu\??????µµata\??????s?\LaunchU3.exe.lnk = C:\Documents and Settings\****\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

don’t move the files to chest… disinfect them with avast :wink:

@Maxx_original
Thanks, I didn’t know that!

@essexboy

Thank you very much for your reply.
I have attached the OTL logs.

Hello,
I have attached the OTL logs in my previous post.
I also ran a Kaspersky scan and have attached the log.

Is there anything I could do to remove the threats and infected objects?

Thank you in advance.