djhyeoh

I've lost my .exe files!
I have a little problem...I seem to be unable to access any of my .exe files...I just cleaned up a PE_PARITE.A trojan from my system and it seems to have corrupted every .exe file there...and I was told that the only way to solve this is to back up important files and reformat the whole hard disk...but the problem is: even the important bits, with .exe extensions are apparently infected too...one other thing: all the icons pertaining to .exe files have gone as well...and every time I try to access these files, the "open with" window pops up...any ideas, anyone?



rid

Save anything you want to keep and format the HD, then do a reinstall. I'd say any other method is a waste of your time.

/RID

BillDL

Don't backup any .exe files or screensaver files as these appear to be the only ones affected by this trojan which is described by Trend Micro as a non-destructive trojan apart from the fact that it infects the files.

They apparently have a tool (http://www.trendmicro.com/ftp/products/tsc/sysclean.com) which cleanses the system and, if what they say about being non-destructive is true, then the .exe files should be restored back to normal.

Because it infects Explorer.exe, obviously cleansing should be done under full DOS which is why the cleanup tool is a .com file. (remember to bin your boot floppy afterwards if using it to boot into DOS).

Check here for details: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_PARITE.A

This virus is also known by other variants/aliases:

W32.Pinfi (Symantec)  
W32/Parite-B (Sophos)  
W32/Parite.B (F-Prot)  
W32/Parite.B (Panda)  
W32/Pate.b.tmp (McAfee)  
Win32.Parite.b (AVP)  
Win32.Pinfi.A (CA)

http://vil.nai.com/vil/content/v_99690.htm

 




So do you want to open existing exe's but can't, if that's the case then it's a registry problem,
check the
HKEY_CLASSES_ROOT\exefile\shell\open\command registry key. The correct data for the (Default) value should be
 "%1" %*

but it sounds like the virus has ruined you, should back up important files, none that have been infected and format.




remember to change "regedit.exe" to "regedit.com"; of course back up the regedit.exe first... just in case

and then follow jaygaz's way to modify the registry.

BillDL

The reason it isn't opening your .exe files is because they will probably all have been increased in size by an extra 177,917 bytes because of the infection in them.

You may also have an additional registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF

Delete the value "PINF"

Sites keep indicating that this is non-destructive, so once cleaned in Full DOS mode and the registry key removed (along with any actions other web sites may suggest) there is no reason to fear the worst.

Appends itself to Explorer.exe to remain memory-resident.

The virus contains an algorithm to slow the infection, so the virus will only infect a few files at a time.

Creates a temp file in the temporary folder. It will get the temporary folder by using a Windows API. The tempfile this virus creates will always have the following name:

[3 random letters][4 random hexadecimal digits].tmp

The file it creates is a UPX packed executable file. The temporary file will be executed by the virus, and it is this file that will attempt to infect files over network shares.

Maybe the system files are now corrupted beyond fixing, but it's worth a try.
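The two indicators quoted in the post above (the temp-file name pattern and the UPX packing) can be checked together. The following Python triage script is an added example, not part of any post in this thread; the function names, the case-insensitive match, the `UPX` section-name heuristic and the sample files are assumptions constructed for illustration.

```python
import re
import struct
import tempfile
from pathlib import Path

# Post's pattern: [3 random letters][4 random hex digits].tmp; case ignored (assumption)
TMP_NAME = re.compile(r"[a-z]{3}[0-9a-f]{4}\.tmp", re.IGNORECASE)

def pe_section_names(data):
    """Return the PE section names in data, or [] if it is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    # NumberOfSections at +6, SizeOfOptionalHeader at +20 (12 bytes skipped between)
    n_sections, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    table = pe_off + 24 + opt_size                        # first section header
    names = []
    for i in range(n_sections):
        entry = table + 40 * i                            # 40-byte headers
        if entry + 40 > len(data):
            break                                         # truncated table
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage(folder):
    """List (file name, verdict) for files whose name fits the pattern."""
    hits = []
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file() or not TMP_NAME.fullmatch(path.name):
            continue
        head = path.read_bytes()[:4096]                   # headers sit at the start
        upx = any(n.startswith("UPX") for n in pe_section_names(head))
        hits.append((path.name, "name+upx" if upx else "name-only"))
    return hits

def sample_pe_header(names):
    """Constructed input: minimal MZ/PE header carrying the given section names."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + table

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "abc1F2E.tmp").write_bytes(sample_pe_header(["UPX0", "UPX1"]))
        Path(d, "xyz00aa.tmp").write_bytes(b"plain text temp file")
        Path(d, "setup1234.tmp").write_bytes(sample_pe_header([".text"]))
        return triage(d)
```

A `name+upx` hit is a lead for an antivirus scan, not a verdict: UPX is also used by legitimate software, and benign temp files can fit the name pattern.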

djhyeoh

ASKER

thanks guys but these didn't solve any problems...I've already cleaned the system with trend micro and I've also reversed the PINF from the registry...but to no avail...



BillDL

Looks like a backup of essential documents etc. (no .exe files to be included) and a format and reinstall.

After using AntiVirus software to "cleanse" a system, always be sure to power off and leave it for a while to let everything drain from RAM memory.  Don't just reboot as occasionally remnants have been left in memory.

No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

PAQ - no points refunded

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

paullamhkg
EE Cleanup Volunteer

ASKER CERTIFIED SOLUTION
SpazMODic
