Thread: Stupid Me!

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    275

    Stupid Me!

    Well this sucks, I just did an AVG scan and it seems I have gotten infected by the "Win32/Parite" virus. I haven't had a virus in over a year and a half, so that run is over.

    I noticed something suspicious last week when all of a sudden port 30167 opened up. This really caught my eye because the only port I have open on any given day is port 135, and I do netstat -an like a cocaine addict, lol. After seeing this I ran multiple trojan scanners to see if this port was open due to a trojan, but the scans didn't produce anything. I stupidly didn't think to run a simple virus check because I was unaware of viruses opening up ports; I just thought they destroyed files and modified them and such. (I still don't know if port 30167 has anything to do with "Win32/Parite"), but after looking at my trojan port list I found that port 30167 was unassigned.

    ---------------------

    I just want to say to the lifeless punk b***h that wrote this virus, you are a bastard, and a piece of sh*t.

    ---------------------------------------------------------------------------------------------------------------------

    The virus consists of a dropper, which is written in assembler, and the virus part itself, written in Borland C++.

    When an infected file is launched, the control flow is passed to the virus dropper, which writes the virus to a temporary file and executes its infection procedure.

    The virus searches for Win32 EXE PE files with .scr and .exe extensions on all logical drives of computer, and also in shared resources of local network, and infects them.

    The virus doesn't manifest its presence in any way.

    The structure of infected file looks like this:

    Host file
    Virus
    dropper - drops "main" to TEMP dir and executes it.
    main - searches for files and infects them, etc.

    (edit: from VirusEncyclopedia)
    --------------------------------------------------------------------------------------------------------------------------

    After doing my AVG scan I found out that this virus had infected almost all of my .exe files. So I moved them to the virus vault and deleted them; AVG was only able to heal one of them. I never run on root, so I guess I just caught a bad draw on this one.

    I guess my question is: have any of you ever been infected with this virus? And does anyone know of an association of "win32/Parite" and port 30167?

  2. #2
    Senior Member
    Join Date
    Mar 2002
    Posts
    137
    Ok, I found some more information on

    http://www.sophos.com/virusinfo/anal...32paritea.html

    I did a quick search, however I came up empty when I tried various terms of Parite and port 30167.

    I hope everything works out fine for you!

    kOc

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Well, reading through your virus description scares the hell out of me, and here is why.
    I thought most modern virus writers couldn't figure out assembler; in the present days that was all they were written in. If there are guys out there that can revive assembler viri, they can modify the old stealth boot sector viri (form.a and what not). When those nasties get on your system, AVs can't find them after your OS loads; the only way to clean them is with a clean boot floppy with an AV (or knowledge of how big your boot sector is and a clean boot floppy with an MBR repair util). This is bad because I haven't seen an AV that will fix on a boot floppy in seven years.
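
The check described in the first post (watching `netstat -an` for a listener that was not there before, such as 30167 next to the usual 135) can be done by diffing two captures instead of by eye. This is an added example, not part of the thread; the sample captures and the function names `listeners` and `diff_listeners` are constructed for illustration.

```python
"""Diff listening sockets between two captures of Windows `netstat -an` output."""

# Constructed sample captures (not taken from the thread).
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:1026           *:*
"""

AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:30167          0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         TIME_WAIT
  UDP    0.0.0.0:1026           *:*
"""


def listeners(netstat_text):
    """Return {(proto, port)} for LISTENING TCP sockets and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated text
        proto, local = fields[0], fields[1]
        # UDP rows have no State column; TCP rows count only when LISTENING.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        port = local.rsplit(":", 1)[-1]  # also handles [::]:135 style addresses
        if port.isdigit():
            found.add((proto, int(port)))
    return found


def diff_listeners(baseline_text, current_text):
    """Return (newly opened, no longer open) listeners as sorted lists."""
    base, cur = listeners(baseline_text), listeners(current_text)
    return sorted(cur - base), sorted(base - cur)


if __name__ == "__main__":
    opened, closed = diff_listeners(BEFORE, AFTER)
    for proto, port in opened:
        print(f"new listener: {proto}/{port}")
```

On a live system, capturing with `netstat -ano` adds a PID column, which the parser tolerates and which lets you map a new listener to the process that owns it.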
