Got a virus :-/ W32.Pinfi <=


Post by Hipnotic_Tranz »

Yep, so my computer started acting a little crazy, thought I might scan my drive with that free site that floats around (forget the name). It found a virus called P Partie.A (if I remember correctly). Tried to clean it with that website and it didn't work. Installed Norton 2002 and it finds it as "W32.Pinfi" but is unable to clean my machine.

Haven't been able to find out too much, though I'm still looking. It places a 172kb randomly named temp file on your drive and infects all executables (yeah, it's a bitch!). It also infects any other PCs accessible on the network, so needless to say it infected my backup.

I don't really know what it does beyond that but either way I want it off! Any suggestions?

[edit]
Here's a good info page:
http://vil.nai.com/vil/content/Print99690.htm

But I want instructions to get rid of it, I don't care the history behind it! :p I see I have to disable "System Restore" but I've looked in "services" under Win2k and I don't see it.

Post by FlyingPenguin »

Seems to be very new, but it looks like the latest NAV definitions will detect and clean it. Don't know if it tampers with your registry.

Damn little info on Symantec's site:
http://securityresponse.symantec.com/av ... 33106.html

I'd just take the usual virus cleaning steps: disconnect from the network and disable System Restore, then do a system scan.

I'd also check the Startup to see if there's anything suspicious looking being run when the computer boots.

If you have a recent Ghost image of your boot partition you might just want to restore that then scan the other drives. That's why I Ghost my boot partition once a month.

Post by Hipnotic_Tranz »

I do the same (ghost my boot partition). Last ghost was, coincidentally, about a month ago. My PC was actin' weird so I loaded up that old image--now it seems just as bad if not worse. I'm thinking that since it infected all the exec's then it won't matter. I'll have to basically format C, D, & G (windows, games, and misc drive) and only keep my music/movies since that's the only two partitions that don't have anything on 'em (no exe's thus no virus). Too much of a bitch, I just need to clean it.

Right now the rest of the machines are disconnected from the network so it's only my machine. Where can I locate "System Restore"? And yeah I've noticed, Symantec has hardly anything on it.

Post by blade »

Found this
http://www.computing.net/security/wwwbo ... /3880.html

Run Norton. When Norton is finished,
Click Start > Run > type regedit and click OK
Click the + next to the following keys

HKEY_CURRENT_USER
Software
Microsoft
Windows
Current Version
Explorer

Scroll down and right click on the PINF folder and delete it. Reboot. Then delete everything in C:\Windows\Temp



**Edit

and this
http://vil.nai.com/vil/content/v_99690.htm

Scroll down to the bottom, they say pinfi is an alias.

Post by Hipnotic_Tranz »

Yeah, I've seen all those blade & tried it and no go. The registry key just pops back in there each time I reboot and I can't delete those temp files. I'm getting frustrated. About to format & forget.

Post by blade »

Damn :(

You try the free av at http://www.grisoft.com? It's found and removed some viri that Norton could not. Plus they updated on the 9th.

Post by Hipnotic_Tranz »

Thanks, I'll try that. I just bought some CD-RWs tonight by coincidence and I figured I'd burn all misc files that weren't infected (like my pictures, config files, etc) but the virus infected nero.exe and now Nero won't run 'cause it doesn't like that its exe has been modified :(

[edit]
%@#$*@#%$*@&#$ Tried to run that setup blade, gives an error and tells me to contact my vendor :| Grrr :| :| :| :| :| :|

Post by blade »

:( The virus must have infected the av .exe preventing the install.


Been searching around on this virus and it is still very new as FP said. All I could find is some end up formatting. A few said even then they couldn't format, as one here said.
http://miataru.computing.net/windowsxp/ ... 50382.html

If that's the case then I'd suggest a low level format. If you do that it removes all partitions so basically you start back over like it's a new hard drive.


Still searching, if I find anything useful I'll post it.



Any idea how you got this?

Post by d_b »

Hope this helps

Good Luck,

dan

Post by Hipnotic_Tranz »

Thanks d_b. I remember seeing that while I was browsing through sites, however something weird (I'll have to try it again now that I've re-installed windows ;) ) I've <i>never</i> been able to get into safe-mode. I don't know if it has something to do with my <del>totally legit</del> windows CD or not (I get errors with setup not being able to copy certain files, but windows works).

When I went to format my games partition, I had problems doing a low-level format. It would hang at 27% and would pop up funky characters (characters of playing cards and such) so I just did a quick format, scanned the drive and tried to do another low-level and it still hung. So I decided I'd just install windows and I formatted again in windows even though the drive looked fine :dunno:

Thanks guys, even though it was all in vain since I formatted ;)

Post by marscheese »

Did you format all the misc. files you wanted to back up? I could run over a hard drive, and you could just copy them all over if you want...

Post by Hipnotic_Tranz »

I formatted my misc partition, but I kept all my pictures/documents & other non-executable files that weren't infected so if you happen to have all that stuff (my patches & misc-files dir are the big ones) then that would be sweet. I didn't know you copied my misc drive? Might wanna check your computer for the virus as well, seeing as how I was on your network & it travels through any accessible resource ;)

That'd be pretty sweet though, cause I do need all those pictures from the SW convention as well, so maybe I'll do that. Just give me a call sometime today if you aren't busy....but check it for virus first :p I don't want that shit back on my computer :)

http://housecall.antivirus.com/housecall/start_corp.asp

[edit]
Any idea how you got this?
I'm sure it's not my constant downloading of files off of kazaa....nah, couldn't be! :o (specifically Duke Nukem: Manhattan Project--this is what I'm starting to believe did it 'cause it was the only <i>software</i> I installed from kazaa in, like, a one month period)

Post by CaterpillarAssassin »

Yeah I make sure I scan EVERYTHING I get off of kazaa. Hate to lose all my stuff, ya know. Up until a few months ago I didn't really actively use any antivirus software. Now I see it as a must, I recommend it to all my customers.

Post by marscheese »

I haven't experienced any problems (and neither has Matt, given that he was hooked up to the network as well). Is it only people on your domain, or all the people on the network? In any case, I'll probably run something over tonight or tomorrow...

Post by Hipnotic_Tranz »

It passes through <i>any</i> available network resource whether it be the same workgroup/domain/whatever. Only exception is that if it's required that you need a password to access the drive (I know I needed a password for Matt's computer so I'd assume it would be the same for you). However, I did log into Matt's so it would have been accessible at that point.

I'm pretty sure that it's not on any of your guys' systems since I'm pretty darn sure it was Duke that had it and I downloaded Duke way after we had that li'l LAN party. I'm half tempted to download it again on another machine and run a virus scan over it.