I had a Partie.A and Partie.B Virus

[Alex_is_Axel]

Goodevening Everyone

A few days ago, i found that i had viruses on my computer which turned out to be something called Partie.A and Partie.B virus. At the end of it all.. using 2 different virus scanners, it had found 812 viruses on my computer.

Fortunatly, i managed to remove them all but.. heres the thing, im not sure if it has completely gone. The reason being is because, some of my programs are still unable to run properly or even be able to run due to a startup message saying "this program has been modified and cant run. This may be due to a virus"

Is there anything i could use to completely remove the partie.A and Partie.B virus? Possibly like the way you can remove the Klez virus using a certain small tool.

I mean yea, ive had viruses before but this one has actually turned out to be the worst virus ive had (excuding the klez :happy: which i got saved onto a floppy hehe), it messed up all.. and i mean ALL my .exe files, it duplicated itself to use up all the harddrive space i had and it also ran little programs in the background to use up my ram i think.. unless that end one is just me being paranoid

So i would be most greatful for your support and i hope this has helped you too if you ever come across the same virus?

Another thing to add which is a really weird coinidence, as soon as my computer got ill (ie. had the viruses (all 812 lol)).. i was ill too.. and still am and i think my computer is still ill too.. it doesnt seem right anymore

Thank you for your time and help

Sincerly Alex

P.S Heeelllpppp Meeeeee

 

[Enyo]

Yo Alex buddy.

Ive seen this virus before (test envioment of course), the problems it caused are insane! It spread so fast it was laugthable, we dropped out into DOS and ended up letting it clean every last EXE on the box.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_PARITE.A

Clean with sysclean from above.

Remove the regkey:

http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html

Download GAV from the thread at the top of this forum and run a scan

I was wondering why i have not seen you around much, get well soon computer and person!

 

[XP Abuser]

hey alex i heard that this virus changes the handler for the exes, causing them to not open you need to repair the respective registry entry to change it back to the default (and correct) handler for Executables:happy:

 

[Enyo]

I dont recall it doing so but it may well do. If it is the case however with the virus gone he would not be able to run any EXE's

Anyway Alex, if you get this problem appy the reg patch from:

http://www.ntfs.org/forum/showthread.php?s=&threadid=30279&highlight=reg

** Edit: Alex, i just found this thread at SFDC you may want to take a look at:

http://www.security-forums.com/forum/viewtopic.php?t=3318 **

Some "removal" ideas at least, also some more links to details on the virus.

 

[Alex_is_Axel]

thank you for your help everyone, as i am typing this, i am running Norton Anti-virus 2003 again with it updated to see if it can find anythin.. so far its found "1!" virus .. i cant believe its found another one though.. i think im gonna cry. ill let you know how i get on

 

[Alex_is_Axel]

p.s... Thanx Enyo for caring.., its nice to know someone cares.. I hope i and my comp feels better soon too, we've both been ill for 5days now

Im gonna try that TrendMicro Cleaner in a sec as soon as it downloads

XP Abuser - Yea the virus is terrible, it really did cause alot of damage, even messed up my anti-virus causing me to have to re-install it

Enyo - Laughable speeds, lol yup, i was suprised myself to see 812 viruses.. well 813 viruses now. But its so fustrating, i havent tried all my programs on my comp yet but i bet even still some still wont work.. i think i might just have to end up reformating and starting all over again

 

[damnyank]

Alex_is_Axel - man I hope you get this $hit whipped and I am also glad ya got Enyo helping - he is really good about seeing things thru and not letting one hang out there!

I am sorry, but I have to ask the question - - - now that Enyo got me to the W32Pinfi portion of the virus on Symantec and I saw that the definitions were in an Oct 17 2001 automatic update I have to ask why or how did the virus get on your system - my guess would either be you disabled NAV or you have not been updating!

Don't get me wrong - I am not flaming you (I think you know me better than that), perhaps if that is the case (NAV disabled or not updated or even worse no AV used at all) everyone (especially a newbie) could learn a lesson from this!

Once again, I hope you get this whole thing sorted!

 

[Alex_is_Axel]

Damnyank , would you really like to hear my story about that? If i am to be honest, i do not have an Anti-Virus running in my background. But i do however have AVG installed which is updated every weekend inwhich i then do a system check. I also do run Trend Micro which is how i found out that i had this virus.

.::[you dont have to read this if you dont wanna know how i may of got the virus]::.

But this is how i am guessing i got this virus. I must of got the virus somehow on Monday morning this week. The problem with that, was that i left my house on Monday afternoon still not knowing that i had the virus in my computer. I knew it couldnt be any sooner than Monday because i did do a full virus system check on Sunday night before i went to sleep inwhich i then turned my system off. Anyways, Monday afternoon i left my house to go for a short holday with my mum. I left my computer on over the time i was away considering my brother was still at home. I know what may draw to your mind now, it may of been my brother.. well not possible .. i put the system lock on (you know when you press the Windows Key + L) inwhich it is passworded which i know he would never be able to get. So i was away from Monday afternoon until Thursday morning.. so all that time, the virus was able to do whatever it pleases without me noticing any funny activities .

- - - - - -

The reason why i dont have an Anti-Virus running in the background which now you'd be happy to know that now i do just to let you know :happy:, yea, the reason why i DIDNT have one running is my pickering of system resources despite me actually having 512mb RAM which i will proberbly upgrade soon anyways to 1024MB . I like to keep the least amount of programs up so that my computer can run better but now i know better .. but only up to an extent. i will only let the anti-virus slip by my pickering

So there you go, thats how it all happened

Mad isnt it.. lol

Enyo and yourself Damnyank are kool! you guys rule!

Just to keep you informed also, i am still running the trend micro system cleaner .. it has 280GB's to scan and clean up.. lol

 

[toxicity]

Format, the best method to destroying all viruses. But seriously, if you feel you are not safe, do it. This is a good reason why u should have everything backed up before hand to be able to do a clean format.

 

[Perris Calderon]

alex, the gladiator is an amazing scanner, and very easy to uninstall.

free, it's also an anti trojan

download it, update it, run it.

it's not real time, so you need something TURNED ON, in the backround, but this is one hell of a scanner, so get it

 

[Alex_is_Axel]

could you please post a link for me to be able to get Gladiator please dealer

Thank you, it sounds interesting :happy:

 

[Alex_is_Axel]

nevermind Dealer , i found it.. hehe

I notice its only Beta at the moment though

Im running it right this very second, so far its found a couple of runtime packages inwhich 2 are warnings?

 

[Alex_is_Axel]

oh and by the way, i finished the Trend Micro System Cleaner yesterday night and it said that it found the virus parite.A inwhich it told me to reboot once the test has fully finished which i did so, i ran the cleaner again and it didnt find anything at all.. sounds like a good sign i guess

 

[Enyo]

Everything sorted then!

Give your system a pass with NAV and GAV again to make sure!

You should not have any ill effects from this virus, once its cleaned and gone everything will return to normal.

Also GAV is still in beta your right, but its in its 3rd release now and is as final a beta as you can get IMO.

Nothing better than to spend a weekend scanning for viruses

 

[damnyank]

Interesting story about you not wanting to run background programs - I have 512 and would never think about turning off my NAV - but to each their own - I don't do games - so a little slow and safe is better for me!

Glad ya got it sorted!

 

[Friend of Bill]

Provided you have proper partitioning and decent back-up utility, I would overwrite the infected partition with the most recent "clean" image, and protect yourself from those unfortunate virus situations.

 

[Alex_is_Axel]

LOL.. i dont actually think i have everything all sorted yet but im not sure. NAV however did not find any infected files but i am yet still runnig GAV at the moment and so far it has found:

Infected Files = 0
Warnings = 7
Runtime-Packed = 87
Archives = 283

What are these runtime-packed and what are the archives for?

Also, i notice on some of the warning restults "warning: runtime-packed systemfile".. what does this mean exactly?

ive scanned 37141 files out of 39031 so not long left to go

Hopefully at the end of this GAV, everything should be sorted

 

[Alex_is_Axel]

ok now i am slightly confussed over GAV

Its completed the scanning but has it cleaned up anything? it found 9 warnings.. does this mean that those warnings are now gone or do i have to remove them myself?

It didnt find any viruses though.. thank god! hehe

 

[Enyo]

The warning can be "safe" and normally are but because the bad programmers as well as the good often use RT packers to pack, say trojan servers or worms GAV will flag it so that the user can evaluate if it is a threat or not.

Just leave them unless its in a really off the wall location with a bizzare name!

 

[Alex_is_Axel]

i think i will leave them then and hope for the best

Thank you for your help everyone, especially DamnYank and Enyo, you da best!

I will however, just incase, will run a NAV virus check & Trend virus check & GAV virus check tonight just to make sure everything is gone and disapeared and i will let you know how it went

Also, just to let everyone know which you may be pleased about, im keeping NAV running in the background now and i have done since last night.. its been touch and go but im working around the used resources hehe lol

Thank you everyone

Sincerly Alex