|
had virus--think it's gone--computer still kooky
|
Heddi
12/23/02
|
Downloaded some software from Kaaza the other night---thought the anti-virus software was updated and it wasn't :-/
A day later, found out that we were infected with the W32.pinfi virus.
Cleared it off (use Norton Anti-virus) and now computer acting funky--
we use IE 6.0.xx--problems are many:
pages lock up if more than one browser window open at a time
computer temporarily 'freezees' when entering text into a text box and either 'arrowing-down' or 'tabbing' to next text box. Freeze lasts about 20 seconds, then cursor appears.
Upon "entering" or clicking "okay" tab (or other 'entry' tab after text box--like on Google, or the "Post message" button at the bottom of this screen), the computer will temporarily freeze for about 20 seconds, then proceed to the next page.
I am on broadband internet connection, and do not think that it is the internet connection that is causing the hangups.
WE have tried uninstalling IE 6 to re-install, but computer freezes at the uninstall page.
Also, we use Outlook, and as of the day we downloaded the software, Outlook has prompted us for password and log-in (we use hotmail) at each opening of Outlook, and does not save this information as it has done in the past 5 years we've used it.
When using Outlook Express, this problem isn't evident.
I've continued running virus scans on the computer, and feel that my only option from this point is to totally wipe out the hard-drive and re-format it, although I'm a bit...hesistant to do this.
Any troubleshooting tips I can get? Anything would be helpful, and please let me know if I can provide more info to help ya out.
Thanks so much!
Heddi
|
Liam
12/27/02
|
I've got a similar problem, same virus, W32.Pinfi - WinXP...one thing i've noticed is that my processes no longer have any usernames?! Do you have a similar symptom?
|
Chris
stewart6034@aol.com
01/29/03
|
I had the same virus, and after removing it using Norton, I am unable to run Internet Explorer, unable to uninstall or reinstall Internet Explorer, and am extremely pissed off because of it. All those --s out there spreading viruses need to have their balls cut off and fed to them.
|
ed
01/29/03
|
what doyou guys expect when using kazaa! 90% kazaa usures get viruses and tojans and worms oh my. and always end up reformatting their hard drives. That's your solution you must reformat.
|
Peter
02/02/03
|
Yes! I recently got the Win32 parite W32.Pinfi and I also used Norton to remove it. Though the executable files that got infected often get damaged by the virus or Norton when I tries to repair them, so I simply reinstalled Windows 98.
However I had to get new program files for almost any program I had because of the virus.'
I suggest you do the same, but be absolutely sure that the virus i totally removed first.
|
Doug
02/04/03
|
Just started to copy a couple of program CD's from someone and Norton warned of the Win32.Pinif. I stopped copying and scanned whole system with Nortons and searched all system drives. No sign of the virus except on the offending disks. Am I off the hook? I'll keep my fingers crossed.
|
Ali
02/05/03
|
LOL I reformatted my mom's computer night before last trying to get rid of this virus, and after reinstalling windows, it was still there. I debugged the thing, fdisked, formatted, formatted and formatted again. Then I wiped the hard drive and zero'd it out, twice. I started the reinstall and went to bed. We shall see this afternoon if that virus is finally gone ;-)
|
Kaz
02/13/03
|
Are yuo using Win ME or XP?? Did you disable your system restore before running the scan??
See my post for instructions.. it is IMPERATIVE that this is done to get proper'deletion' of a virus. It may be hiding in your system restore files, and will not be deleted because the 'file is in use'
|
Kaz
02/13/03
|
Sorry, my post is title "BEFORE U SCAN 4 VIRUS" IMPORTANT
|
blarg
02/14/03
|
This stupid virus is still resident in my system. I am running Win2000, and I have already tried cleaning the infected files, quarantining (but not deleting, because some are files I need), and removing the registry key. I have rebooted in safe mode and removed all temporary files. Still, nothing's helping... that stupid registry key is back AGAIN. For some reason, I don't have the DOS version of Norton 7.6, so I can't start up in DOS to repair files. I don't want to have to reformat... some of the programs I have I do not want to have to reinstall. Not a fun way to spend the weekend. I wish I could get my hands on the little pr*ck who wrote this.
Anyway, any suggestions to help me get my system back running? What I'm most worried about, more than reformatting, is keeping some files I have on another partition while I format the main partition. They may register as clean before the format, but I don't want those files to stab me in the back after I reformat. What can I do?
|
FMJ
02/16/03
|
i have a q about this virus:
i got it on my comp :'(
i reformatted :O
i saved some files on some zip disks :)
some were infected :(
i caught them before i put them on my actual hard drive, they are still on the disks :|
i fixed them with norton, so is it okay to put them back on my hd, or should i just ditch the programs i had in there?
|
John De-love Eshun
kwashun@yahoo.com
02/17/03
|
i had virus sysrnj.exe i deleted it still i cant open any program.
i cant open this programes
system,add/remove program,add/new hardeare etc.
Also i cant find win98setup.
I hope you can help me.
John
|
gtx
fatalvelocity@yahoo.com
02/23/03
|
Hi, you have to restore the pstores.exe file.
Search in Microsoft Knowledge Base for that function and pstore.log, if you have that file in your hd you have a bar repaired pstores.exe file. Search there how to fix it (the registry part) then extract pstores.exe from your windows installation cd and run "c:\windows\system\pstores.exe -install in
the dos shell, then reboot.
That worked for me, then let me know if it worked for you!
Cheers,
Gtx
|
Alvaro
sancaballero@yahoo.com
03/08/03
|
Hi, Can't find any info about pstores.exe :(
|
marshy
03/09/03
|
i've deleted the infected file (172kb,in the temp folder)but everytime i start norton it finds infected files again. the virus infectet my wininit.exe and because of this everytime i start windows me says can't find wininit.exe, but continues without any problems. after the start there is a message that windows can't find /P (???wtf???). if i open the startmenue and click on search, there is a new possibility:
folders ,persons ,on i-net and VIRUSES (wtf²).
pstores.exe doesn't work.
sorry for my bad english, i'm german
marshy
|
chrisob
chriob@aol.com
03/18/03
|
i get a problem with the virus called W32/pinfi
please give me a solution to cancel it.
sorry for my english I'm french. Thank you so much.
|
xxampex
03/21/03
|
Removal is very simple, and more to the point finding how to remove it is even eaiser. Go to yahoo, or whatever, (yahoo.com is probially the best,.. biggest) search for the name of the virus,. symantic and a few others will have removal instructions that come up in the search. ALL OF THEM ARE NOT COMPLETE JUST BY REMOVING THE INFECTED EXE's,. this virus patches the registry among other things
|
Alvaro
03/22/03
|
Ok, i simply can't find any info to solve IE problem please help..
|
Here the way to fix
03/23/03
|
Symantec (Norton Antivirus Site):
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html
Here the quick way to remove it:
Before you can delete that temp file (that is the source of infection), you will need to remove the registry entry.
First, run a full system scan. Then,
Click Start > Run > type regedit and click OK
Click the + next to the following keys:
HKEY_CURRENT_USER
Software
Microsoft
Windows
Current Version
Scroll down and click on the Explorer Folder (not the + sign) Look in the right hand window for PINF. Right click on this entry and click delete. Collapse the registry tree, close regedit and reboot.
Double click 'My Computer' icon and click 'Tools', 'Folder Options'.
Click the 'View' tab.
Check 'show hidden files and folders' and uncheck 'hide protected operating system files'
|
DJ-DS
03/26/03
|
nice 1 mate i did what u said but im still having problems similar to those heddi is having after removing it
|
Jockrock
mikemac@moose.co.uk
03/30/03
|
I got that virus. W32Pinfi. Infected over 5000 files in a very short period of time. Havoc. I ran the Symantec scan on my hard disc and it cleared everything except the persistent *.tmp file that appears in C:\Documents and Settings\Default User\Local Settings\Temp. Then, everytime I rebooted the bastard would simply start to propogate again. I have been around the forums and know that this is a common problem. I solved it eventually. As follows:
Win XP :
1. Start - Run - Type regedit - Enter - Go to:
HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Explorer
In the right window : right click on the PINF folder and delete it.
2. Delete all files in C:\WINDOWS\TEMP and C:\Documents and Settings\Default User\Local Settings\Temp. Empty the recycle bin.
3. If on a network got to Start - settings - network connections - right click on LAN and choose disable.
I then 'right-clicked' on 'MyComputer' on the desktop and the dialog box gives the option for 'System Restore', disable this, make sure it is NOT ticked. Then reboot!
If the virus has been propogating unchecked for any amount of time it will become part of the System Snapshot so everytime you get rid of it, it restores itself! Once you have gotten rid of the Virus for sure you can always enable System Restore again.
|
Roy
04/14/03
|
Temp files
<<2. Delete all files in C:\WINDOWS\TEMP and C:\Documents and Settings\Default User\Local Settings\Temp. Empty the recycle bin
I can't delete these files. There are two. One is write protected and the other is in use constantly (even in safe mode)
Any help?
|
Jeff
04/18/03
|
Had virus and got rid of it but IE was still freezing up.. never mind, just started using Netscape.
|
Vera
04/25/03
|
Using windowsxp, got a virus Parite, norton will not detect, but pops up to tell me its there. Any help?
|
DJ-DS
04/26/03
|
finaly got rid of the virus but im still having problems with IE freezing up like what jeff has wrong.
it happens when IE opens something in a new window eg chatrooms etc, the new widow that opens just freezes up
any help sorting thios would be much apriciated
thx
|
´lala
04/26/03
|
xx
i have that virus too but i dont care my computer is full of viruses anyway
|
p3tros
fideco2002@hotmail.com
04/29/03
|
hey_guys!this_--ing_virus_have_disaBled_my_--ing_spaceBar--my_keyBoard_is_Brant_new.oh,who_wants_some_infected_files_with_w32pinfi?i_have_over_than_100...
|
Imp
04/30/03
|
Hello,
There is here so many posts, that we don't understand at least what's about !!!
There is actually three kinds of betrayals acting into computers :
Standart virus , spreadings via the boots and FATS of any flopy discs, of Hard drive corrupted
Trojan's virus spreading via Doc's files and corrupting a computer by adding a worm into a hiden part of the hard drive, used by hackers to steal informations in a computer
Cookie's spywares spreading via the Net and corrupting your internet connexion which slow down because of the memory used to perform.
To resolve the 1st problem, any anti-virus program correctly updated is working perfectly, as Norton, McAffee, or the bes in the world: Karpersky, all theses programs are to be bought.
To resolve the problem of Trojan's, you need a specific software able to watch the betrayal of Trojan's which are both on the spread and the worm hiden in the hard disk. I recommend for none experienced users to download this wonderful shareware, freeware for one month, able to hunt and eradicate specifics trojan's virus, the program works alone and don't need any manual intervention:
Trojan Remover version 5.03 at:
http://www.simplysup.com/tremover/details.html
I have been saved myself from a very bad corruption by this program, which is the only one to restore a computer to the original configuration as it was before the corruption.
To resolve the problem bigger and bigger made by the cookies spywares, which almost looks like virus but are not virus, I found that excellent program called AdAware version 6.0
This is a freeware on standart version
you find it at :
www.lavasoftusa.com
In conclusion, when you have theses 3 programs in your computer, you are almost safe !!
Good luck..
|
radity
trunks82@plasa.com
05/03/03
|
i-scan my computer with norton 2003 and can't rep
i can't repair exe files that infected pinfi please help me..
|
luke
luke@insuranceprotector.com
05/07/03
|
OK for Win XP users, I finally removed this dam virus.
Here is the copy of first step from some elses post, plus I will post mine at the bottem. But but do this first and follow mine and 2nd step.
Symantec (Norton Antivirus Site):
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html
Here the quick way to remove it:
Before you can delete that temp file (that is the source of infection), you will need to remove the registry entry.
First, run a full system scan. Then,
Click Start > Run > type regedit and click OK
Click the + next to the following keys:
HKEY_CURRENT_USER
Software
Microsoft
Windows
Current Version
Scroll down and click on the Explorer Folder (not the + sign) Look in the right hand window for PINF. Right click on this entry and click delete. Collapse the registry tree, close regedit and reboot.
Double click 'My Computer' icon and click 'Tools', 'Folder Options'.
Click the 'View' tab.
Check 'show hidden files and folders' and uncheck 'hide protected operating system files'
OK, once you have done above procedures, some ppl still can't delete the *.tmp files and few *.exe files... Reboot your computer with WinXP installation CD and go into repair mode. Now, delete all the *.tmp files that was listed from th anti virus program as unrepairable. Second locate all the *.exe files that was on the list and rename them with diffent file extension, perhaps "123" or something else.
reboot the computer then rescan for virus with extension you created. This time anti virus program should be able to repair the files. Once done, rename those files that you renamed back to its original file extension.
Finally do full rescan of your hard drive and see there is any other those dam virus.
|
doghead
excession100@aol.com
05/09/03
|
oh-oh
just downloaded a file from kazaa and was just hovering my cursor towards the file to open it up, when AVG Resident Sheild warned me that it had detected the Win32 Parite virus.
It recommended a full scan (which is currently still in progress and I see that it has detected 1 infected file so far containing the Win32 Parite virus.)
Just ran a search of the Win32 Parite virus whilst the scan continues and realise from this thread what a total bitch of a virus this one can be.
Hoping - like Doug - that I've caught it in time and the fact that I didnt open the file but just downloaded it will not cause it to spread and hoping it can be removed. Will soon find out.
|
doghead
excession100@aol.com
05/09/03
|
Well AVG full scan recommended moving the 1 infected Win32 Parite file to the AVG virus vault which I did.
In there I tried the AVG heal function but it wouldn't heal. So I tried the full delete option and it successfully deleted the Win32 Parite.
Hoping thats the end of it.
AVG is a FREE AntiVirus Scanner by the way and certainly would recommend it if you don't have any kind of virus protection. Also AVG periodically supplies you with the lastest virus definitions for FREE so you keep uptodate with the latest protection measures against new viruses.
If AVG has just saved me (that's if it has trully forewarned me of the virus and successfully deleted it all) then I really owe AVG a big thank you considering the damage Win32 Parite has caused so many ppl here to suffer.
|
sumel
sumelbrar@rediffmail.com
05/11/03
|
the same win pinfi virus..i tries everything ...even tried to modify the registry but the registry.exe file is also infected..disc is also not getting formatted..any solution??
|
sandmanz
05/11/03
|
had virus--it's gone--computer screwed
This virus somehow crossed my partitions and infected 110 gb of files I had!!
Used Norton to remove. One or the other distroyed several of my exe programs Thats ok I ll get new ones, Just took 1 day to fix
Now will reformate to confirm this bug is gone
should have had a virus scanner but I personally think these companies pay people to
make these viruses so they can get more business
any thoughts on that one..
|
Baddflash
baddflash@hotmail.com
05/14/03
|
W32.Pinfi
Just ran into this virus, after 6 hours setup on a customer machine last thing I did was copy her back up to the computer and viruses everywhere. 20 infections in 5 min. Zero filled drive, Rewrote MBR, Full format, quick format, reinstall all software, clean no virus. I don't trust trying to access the backups not too sure what to do, any help would be appreciated
|
doghead
05/19/03
|
Think this has already been stated... re System Restore...
My AVG Shield detected the virus on a file I download just before I opened the file. AVG successfully deleted the virus.. but later a new AVG full scan show the same Win32.Pinfi lurking in the system restore so had to get rid off that too.
|
o2dazone
05/20/03
|
Today, was the final conquer of Pinfi. First off, it generates a registry key, not to mention the evil .tmp files it creates. This is what I did step by step and it got rid of it.
1. I got NAV2k3 and searched my entire machine, only to find 1123 infected files, and 1122 fixed files. The one last file that wasnt fixed was a .tmp (which NAV2k3 CANNOT download no matter how up-to-date your virus def. are)
2. I rebooted in safe mode and scanned again. Found a few more files infected, along with just about every EXE found on my machine. I found out that, it generates random .tmp files that hold the code to the virus inside. These viruses have a random 3 character name, followed by a number. (I had mna1.tmp and ouj6.tmp) I went into my Temp folder c:/docs and settings/*USERS*/local settings/temp and I deleted the entire folder, not just the files inside, but everything. I went into my other users folders and deleted their temp to. It seems it really only stores itself inside the Temp folder.
3. I checked online and found that it adds a registry key called PINF inside HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer -i used regedit and deleted that as well.
4. I rebooted in safe mode once again, and scanned my machine for a final time. No infection, no unfixed files, gone
I did notice side efffects. My taskmgr.exe stopped working, so I had to go into c:/windows/lastgood and grab the good one there. I also had a problem with my Windows Messenger starting back up (even though I shut it off when I first installed XP) - so I went into the registry and turned that off too.
|
J.Eagle
m2k1@hotmail.com
05/23/03
|
Just a thought. If you have access to a floppy drive (I've notice some newer computers are not coming with a floppy drive) and a DOS boot disk perhaps you could boot up with the DOS floppy and delete the data file/s that the virus is using for access. I have not had (and I hope not to get) this virus so I am not positive this would be a viable solution but thought it worth mentioning for those who might not have thought of a DOS floppy as a possible solution.
Good Luck and hope I hepled in some way.
|
Viro pate man
viro@pate.man
05/23/03
|
BIG SOLUTION: if you want to save fix repaiir some of your valuable .exe files: i have just tried f-prot anti v and it is great but kills all the exe's it repairs.
you may want to rename .exe as .rar and extract the contents somewhere before killing the exe and then rescan the contents to see if it is damaged..
apparently trojan remover "saves the exe's if the man who said this is not a monkey:
Trojan Remover version 5.06 at:
http://www.simplysup.com/tremover/details.html
I have been saved myself from a very bad corruption by this program, which is the only one to restore a computer to the original configuration as it was before the corruption.
1707 files infected... oops
silly me so much for being too poor a student to buy all the antiviral crap. wep
|
Brad Fuqua
beatindemgutz@aol.com
06/03/03
|
The problem you people are having with IE is quite simple. The PINFI virus lies dormant in Explorer.exe so it can remain memory resident. If you run a virus scan, it wont delete the virus out of IE because it is in use and the virus will simply replicate itself after you repair all your files. IN TASK MANAGER YOU HAVE TO END PROCESS ON EXPLORER.EXE BEFORE RUNNING THE SCAN SO IT CAN REPAIR THE FILE OR IT WILL REPLICATE ITSELF. **my steps are as follows:
ON XP
1. Disabled system restore (IT WILL SAVE A COPY OF THE VIRUS AND REINFECT U..MUST BE TURNED OFF TO DELETE THE VIRUS)
2. deleted registry entry PINFI
3. deleted the whole windows\TEMP folder and all contents into recycle bin.
4. deleted temp folder from documents and settings\Default User\Local Settings\TEMP
5. **EMPTY RECYCLE BIN**
6. Open Your Antivirus Software, before you scan open TASK MANAGER and end process on Explorer.exe and run your virus scan (full system)
7. Reboot, POOF virus is gone and no longer detected on my SYSTEM.
Thanks I hope it didnt cause too much damage as it did on mine, this virus is a real MuthaFu**er
|
