|
W32.Pinfi Virus Re-Boot Question
|
Jordan
cha0sj@yahoo.com
07/26/03
|
Okay.. I had the W32.Pinfi Virus on my hard drive or whatever. I am 15 years old and don't know too much about computers. I think I successfully deleted this virus by going through regedit and deleting that Pinf file. How do I know for sure that it is gone? Before I did this I had some problems with my desktop. #1. When I went to Run and typed in regedit and hit OK, it automatically exited out of the window. #2. When I held down ctrl+alt+del the window would pop up and then within two seconds the window would close. Now after I have deleted the Pinf file I can do regedit and hold down ctrl+alt+del without the window closing. My only question is: when I re-boot my computer it logs on to Windows XP very very very slowly. It used to log on fine when I didn't have the virus. Can someone help me out with my problem? E-mail me or reply to this post. cha0sj@yahoo.com, that is my e-mail.
|
Mikey B
n/a
07/27/03
|
W32.Pinfi is a memory-resident polymorphic virus that will infect .EXE and .SCR files. This virus is also capable of spreading via mapped drives and network shares. This virus is primarily found on peer-to-peer file sharing web sites. It is very common on Kazaa, uploaded by anyone with access to the Kazaa network.
Upon executing a file infected with W32.Pinfi, the virus will perform the following:
1. Adds the registry value: PINF to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
2. Appends itself to Explorer.exe to remain memory-resident.
3. Appends itself to all the .EXE and .SCR files that it finds on all the local and mapped drives. The virus contains an algorithm to slow the infection, so the virus will only infect a few files at a time.
4. W32.Pinfi will create a tempfile in the temporary folder. It will get the temporary folder by using a Windows API. The tempfile this virus creates will always have the following name:
[3 random letters][4 random hexadecimal digits].tmp
The file it creates is a UPX packed executable file. The temporary file will be executed by the virus, and it is this file that will attempt to infect files over network shares.
Use this URL on Symantec to remove the virus completely. http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html
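The temp-file traits described in the post above (the name pattern and the UPX packing) can be checked with a short script. This is an added example, not part of the original post or of Symantec's tooling; the function names, the use of Python's `tempfile.gettempdir()` to locate the temp folder, and treating section names that begin with `UPX` as the packing indicator are assumptions, and a hit only marks a file for closer inspection.

```python
import re
import struct
import tempfile
from pathlib import Path

# Name pattern from the post: [3 random letters][4 random hexadecimal digits].tmp
# Case is not stated in the post; matching either case is an assumption.
NAME_RE = re.compile(r"[a-z]{3}[0-9a-f]{4}\.tmp", re.IGNORECASE)

def pe_section_names(data):
    """Return PE section names, or [] if data is not a parseable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            break  # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def find_candidates(folder):
    """Names of files in folder matching the name pattern AND showing UPX sections."""
    hits = []
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file() or not NAME_RE.fullmatch(path.name):
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(4096)  # PE headers sit at the start of the file
        except OSError:
            continue  # locked or unreadable file
        if any(n.startswith("UPX") for n in pe_section_names(head)):
            hits.append(path.name)
    return hits

def build_sample_pe(section_names):
    """Constructed sample input: minimal MZ/PE headers plus a section table."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    return dos + coff + b"".join(n.encode().ljust(40, b"\0") for n in section_names)

if __name__ == "__main__":
    print(find_candidates(tempfile.gettempdir()))
```

Legitimate software also uses UPX and short `.tmp` names, so confirm any hit with an up-to-date antivirus scan before deleting it.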
|
runtsrule
runtsrule@aol.com
09/04/03
|
Did Symantec steps for WIN32.PINFI
1. turn off system restore
2. updated virus def.
3. restart in safe mode.
4. scan for virus, repair files.
-- attempting #5 --
5. reverse value virus added to registry.
There is no "PINFI" located in
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
But last time I did all of these steps, restarted, and the virus came back because it was still on the computer somewhere. I was told this final step would stop that but I can't fix it.
|
Jason
jcrinka@yahoo.com
10/05/03
|
What's up, guys. Man, I've got the same f-ing problem. I delete the PINFI key in the reg, clear out the crap it puts in the temp folder, and reboot-- and it's back. Every time. I can't get rid of this damn thing, and it's starting to crash stuff like Norton AntiVirus among other things. Drop me an email if you figure out what to do. Maybe a service process is triggering it?
|