Have just disinfected the above virus which replicated all *.exe files with the extension *.exe.RB0.
The files still remain and I should like to know if there is a way to delete all from my C drive. (I'm running winXp Pro).
Also a message said that certain windows files had changed and asked me to insert disc for SP1 but as I downloaded said file fr m Microsoft site how can I 'enable' it.
Thanx
E
Have deleted files by doing search and erasing from there. However still would like to know about opening SP1 from downloaded files.

Here's a good thread.

http://www.computing.net/security/wwwboard/forum/5572.html

As far as the SP1, You're going to have to run sfc /scannow from the Start, Run line to replace missing files. You then will have to reapply SP1 and then run Windows Update.

>Have just disinfected the above virus which replicated all
>*.exe files with the extension *.exe.RB0.
>The files still remain and I should like to know if there is
>a way to delete all from my C drive. (I'm running winXp
>Pro).

You could always use the Search for *exe.RB0 (make sure you search for all files, and go to the Advanced options and tell it to search hidden and system as well) and then when found, select them all in the right pane and delete them.

I see no mention of that behaviour in any of the antivirus writeups. This is all symantec says about parite (they call it pinfi)

http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html

Enter parite in the search field and you'll find information about the virus, it's dll, and the dropper.
http://www.trendmicro.com/vinfo/virusencyclo/

>Also a message said that certain windows files had changed
>and asked me to insert disc for SP1 but as I downloaded said
>file fr m Microsoft site how can I 'enable' it.
>Thanx
>E

I don't know the answer to that one, as SFC doesn't give you a way to choose a path for the installation sources. I would have thought it would know to go to the ServicePackFiles directory for those files. You could probably just ignore that message for now, or try reinstalling SP1 (and then any updates you've done since then) if it will let you. I wish SFC had a better interface that tells you WHAT files, and allow you to choose a location. But alas, it's not designed for that. The Windows 98 SFC program was quite useful, back in the day.

What's probably happened is that disinfecting changed the size of some of the files, and/or the checksum is different. The files could be OK, or some of them might be slightly corrupted. Removing viruses from files doesn't always leave them intact.

This can be a tricky virus... it's a polymorphic file infector (exe and scr) and could still be somewhere in the nooks and crannies. I have seen pinfi show up in one scan, not show up in a subsequent one, then show up again. What I'd probably do here, especially seeing as this infection was catastrophic, is get your personal files backed up and wipe that system and start over. It may not be necessary to do that, as it doesn't even have an intentional destructive payload (it exists solely to infect) so it's up to you to decide. Maybe try to save your installation, fix any corrupted files, but if you're going to have difficulties due to corrupted files that you can't fix, don't waste time. See how it goes.

Thanks Grogan,
Such a lot for this oldie to take on board. You are right on the altered size of certain exe files looks as if I have to do a 'trial and error' search. What bothers me was that 'Avast' Virus scanner let it thro'.

you could post your problem at Avast4's forum at http://www.avast.com/forum/index.php?board=2 and see what will be the reply of Alwil team (developers of Avast4).

Edit:
I already posted this problem at http://www.avast.com/forum/index.php?board=2;action=display;threadid=1469
let's wait and see what they will say.. :rolleyes:

BTW, how did you got infected ? and is your Avast virus def. up to date ?

Sorry for the delay, been having difficulty with my btbroadband.
I suspect my daughter somehow opened a path for said virus(Which she will emphatically deny!). She communicates, and exchanges files, with her school friends via Messenger and searches for mp3s on Kazaa!!
Can't honestly recall if Avast was functioning but, to be safe, I'm now running PC-cillin.
That virus really did cause havoc!

Avast4 detects many variants of the Parite virus including "Win-Parite-B" (Pls see attached pic)..
Can't figure out how you got infected :rolleyes: