|
Xp Boot Slower After Virus??
|
Jordan
cha0sj@yahoo.com
07/26/03
|
hello everyone,
i just have recently got rid of that horrible Win32.Pinf virus..but now my xp is booting alot slower than usualy...like after the windows picture comes up right before you log into your account..it goes to a black screen and then sits there for about 2-3 min then i boots up and goes into xp..anyone know how i can fix this problem..pleaes IM me on aim: hehsoccer14 or e-mail me: cha0sj@yahool.com or reply to this post. bye and ty
|
Mikey B
n/a
07/27/03
|
W32.Pinfi is a memory-resident polymorphic virus that will infect the .EXE and .SCR files. This virus is also capable of spreading via mapped drives and network shares. This virus is primarly found on peer to peer file sharing web sites. It is very common on KAZA. Uploaded by anyone with access to the Kaza Network.
Upon executing a file infected with W32.Pinfi, the virus will perform the following:
1. Adds the registry value:PINFto the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
2. Appends itself to Explorer.exe to remain memory-resident.
3. Appends itself to all the .EXE and .SCR files that it finds on all the local and mapped drives. The virus contains an algorithm to slow the infection, so the virus will only infect a few files at a time.
4. W32.Pinfi will create a tempfile in the temporary folder. It will get the temporary folder by using a Windows API. The tempfile this virus creates will always have the following name:
[3 random letters][4 random hexadecimal digits].tmp
The file it creates is a UPX packed executable file. The temporary file will be executed by the virus, and it is this file that will attempt to infect files over network shares.
Use this URL on symantec to remove the virus completly. http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html
Hope this helps
Mikey B
|
