
Take a look at the viruses in my computer's quarantine


What are all these viruses!
How can hackers be so heartless!

Attachment:

File type: image/pjpeg
Uploaded: 2005-7-23 20:57:55



Last edited 2005-07-23 21:21:12
 

rav17.36.30, heh heh, and it still got infected!!!
 

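I sympathize with the original poster. For Gray Pigeon (灰鸽子), see the pinned post.
As for the other one:
Virus name: PE_PARITE.A-1
Virus type: File infector
Aliases: W32/Parite-B, Win32.Pinfi.A, W32.Pinfi, PARITE.A, Win32.Parite.b
Destructiveness: None   Risk: Low
Summary: This non-destructive, memory-resident virus infects all .EXE and .SCR files.

Technical details:
(Source: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_PARITE.A&VSect=T)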

PE_PARITE is a component-based PE file infector that infects .EXE and .SCR files on the local system and on network shares that have read and write access.

One component is detected as PE_PARITE.A, which are files infected with PE_PARITE.

When executed, an infected file drops a randomly named .TMP file in the Windows Temporary folder.

This randomly named .TMP file contains the main virus infection code and is detected by Trend Micro as PE_PARITE.A-1. It contains two exported functions, AttachHook and Initiate.

AttachHook injects itself into the shell process or EXPLORER.EXE so that it cannot be detected in memory. Initiate, on the other hand, is the main virus infection code.

After dropping the .TMP component, it creates the following registry entry as a marker to signify its presence:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
PINF

It then calls its exported functions in the .TMP component to inject itself to EXPLORER.EXE in memory. This process of injecting is done by patching a part of memory where EXPLORER.EXE resides, so that it executes in the same memory space. As a result, it cannot be detected in memory.

The undetectable resident part infects a random number of files in the infected system and in network shares with read and write access. It infects by appending a new section into host files in random intervals. It makes use of port 30167 in order to access network shares.

This virus runs on Windows 95, 98, ME, NT, 2000, and XP, but it cannot stay resident on Windows NT, 2000, and XP.




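Manual removal:

For Windows NT/2000/XP and similar systems:

1 Turn off System Restore
2 Close all applications
3 Start the antivirus software
4 Press Ctrl + Alt + Del to open Task Manager and end the "explorer.exe" process (note: lowercase letters); the taskbar and desktop will disappear at this point;
5 Press ALT+TAB to select the antivirus software started in step 3 and run a full scan;
6 When the scan is finished, press CTRL+ALT+DEL to restart the computer.


For Win 95/98:
Boot to DOS from an antivirus floppy disk and scan from there. The virus files may have the system, read-only and hidden attributes, in which case they have to be deleted by hand.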


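You can also try the

"automatically delete virus files at next startup......"

feature of my DIY "Rising Antivirus Assistant" to deal with it.

For more on "Rising Antivirus Assistant", see
http://community.rising.com.cn/Forum/msg_read.asp?FmID=28&SubjectID=3542277&page=1


Download the Rising registry repair tool to delete the virus's startup entries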
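
Added example, not part of the post above or of the quoted Trend Micro write-up: a Python triage check that reads a file's PE export table and reports whether it exports both AttachHook and Initiate, the two names the write-up gives for the dropped .TMP component. The function names and the constructed sample image are assumptions for illustration; a match is a hint to submit the file to a scanner, not a verdict.

```python
import struct
PARITE_EXPORTS = {"AttachHook", "Initiate"}  # export names listed in the write-up above

def export_names(data: bytes) -> list:
    """Return the names a PE image exports; [] if the data is not a parseable PE."""
    try:
        pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            return []
        nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
        opt = pe + 24                                          # optional header start
        magic, = struct.unpack_from("<H", data, opt)
        exp_rva, = struct.unpack_from("<I", data, opt + (112 if magic == 0x20B else 96))
        if not exp_rva:
            return []                                          # no export directory
        def off(rva):                                          # RVA -> file offset
            for i in range(nsec):
                vsize, va, rsize, raw = struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
                if va <= rva < va + max(vsize, rsize):
                    return raw + rva - va
            raise ValueError("RVA outside every section")
        exp = off(exp_rva)
        count, = struct.unpack_from("<I", data, exp + 24)      # NumberOfNames
        table = off(struct.unpack_from("<I", data, exp + 32)[0])  # AddressOfNames
        names = []
        for i in range(min(count, 4096)):                      # cap hostile counts
            p = off(struct.unpack_from("<I", data, table + 4 * i)[0])
            names.append(data[p:data.index(b"\0", p)].decode("ascii", "replace"))
        return names
    except (struct.error, ValueError):
        return []                                              # truncated or malformed

def has_parite_exports(data: bytes) -> bool:
    return PARITE_EXPORTS <= set(export_names(data))

def build_sample(names):
    """Constructed test input: minimal PE32 image holding only an export name table."""
    va, raw, ptrs = 0x1000, 0x200, b""
    pos = va + 40 + 4 * len(names)                             # RVA of first name string
    for n in names:
        ptrs += struct.pack("<I", pos)
        pos += len(n) + 1
    body = struct.pack("<2I2H7I", 0, 0, 0, 0, 0, 1, 0, len(names), 0, va + 40, 0)
    body += ptrs + b"".join(n.encode() + b"\0" for n in names)
    opt = struct.pack("<H94x2I", 0x10B, va, len(body)).ljust(224, b"\0")
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HH12xHH", 0x14C, 1, len(opt), 0x2102)
    sect = struct.pack("<8s4I16x", b".edata", len(body), va, len(body), raw)
    return (hdr + opt + sect).ljust(raw, b"\0") + body
```

To check a real file, pass its bytes to `has_parite_exports`, for example the contents of a suspicious .TMP file read in binary mode.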
 

To the poster above: I admire you so much, I'm going to learn from this too