?
Solved

Virus problems! Pinom.J worm

Posted on 2004-04-30
8
Medium Priority
?
1,160 Views
Last Modified: 2010-04-11
Hello, i completed a full avg virus scan on my PC, which found and removed Worm/Pinom.J from a file called SETUP.EXE that had been copyed to some of my shared folders.
I am unable to access websites like www.grisoft.com symantec, sofos etc, any antivirus website...
Can anyone advice me?

madlan.
0
Comment
Question by:madlan
  • 5
  • 2
8 Comments
 
LVL 8

Accepted Solution

by:
anil_u earned 1200 total points
ID: 10963382
Some viruses add urls to the "hosts" file, find this file on you PC, this should be in
c:\WINNT\system32\etc
open it with notepad
and then delete all of them except
127.0.0.1       localhost

for example there will be one that says
127.0.0.1      www.symantec.com

when you try to go to this site, it looks at the host file, then uses the static ip assigned to symantec.com which is 127.0.0.1, which is a loopback address, ie your machine, thats why you get an error beacuse it goes to 127.0.0.1, removing this line will allow you to access symantec.com

After that you should be able to access the required sites, do the upadtes and you should be fine.


Hope I could help

Enjoy
Anil
0
 
LVL 1

Author Comment

by:madlan
ID: 10963527
I cant seem to find the host file? (win XP home)
All 5 pcs on the network have the same problem, same sites cant be accessed.
i notice that 172.0.0.1 appears in the status bar while connecting to said websites.

madlan.
0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963559
This is a private address.
Try this:
Go to start->Search->Find files and folder->hosts*.*

The host file has not got an extention like .exe. But it will definately be there.

On XP it should be on c:\windows\system32\drivers\etc



0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
LVL 1

Author Comment

by:madlan
ID: 10963587
OK, i found it:
C:\WINDOWS\system32\drivers\etc\Hosts

and you were right! thankyou!

Do you know anything about this virus? i cant find any information on it.
Just want to make sure its not damaged anything else...

thankyou

----------------------------------------------------------------------------------------------------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost





127.0.0.1      www.symantec.com
127.0.0.1      securityresponse.symantec.com
127.0.0.1      symantec.com
127.0.0.1      www.sophos.com
127.0.0.1      sophos.com
127.0.0.1      www.mcafee.com
127.0.0.1      mcafee.com
127.0.0.1      liveupdate.symantecliveupdate.com
127.0.0.1      www.viruslist.com
127.0.0.1      viruslist.com
127.0.0.1      viruslist.com
127.0.0.1      f-secure.com
127.0.0.1      www.f-secure.com
127.0.0.1      kaspersky.com
127.0.0.1      kaspersky-labs.com
127.0.0.1      www.avp.com
127.0.0.1      www.kaspersky.com
127.0.0.1      avp.com
127.0.0.1      www.networkassociates.com
127.0.0.1      networkassociates.com
127.0.0.1      www.ca.com
127.0.0.1      ca.com
127.0.0.1      mast.mcafee.com
127.0.0.1      my-etrust.com
127.0.0.1      www.my-etrust.com
127.0.0.1      download.mcafee.com
127.0.0.1      dispatch.mcafee.com
127.0.0.1      secure.nai.com
127.0.0.1      nai.com
127.0.0.1      www.nai.com
127.0.0.1      update.symantec.com
127.0.0.1      updates.symantec.com
127.0.0.1      us.mcafee.com
127.0.0.1      liveupdate.symantec.com
127.0.0.1      customer.symantec.com
127.0.0.1      rads.mcafee.com
127.0.0.1      trendmicro.com
127.0.0.1      www.trendmicro.com
127.0.0.1      www.grisoft.com
0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963626
Yes it look fine
delete the following

127.0.0.1     www.symantec.com
127.0.0.1     securityresponse.symantec.com
127.0.0.1     symantec.com
127.0.0.1     www.sophos.com
127.0.0.1     sophos.com
127.0.0.1     www.mcafee.com
127.0.0.1     mcafee.com
127.0.0.1     liveupdate.symantecliveupdate.com
127.0.0.1     www.viruslist.com
127.0.0.1     viruslist.com
127.0.0.1     viruslist.com
127.0.0.1     f-secure.com
127.0.0.1     www.f-secure.com
127.0.0.1     kaspersky.com
127.0.0.1     kaspersky-labs.com
127.0.0.1     www.avp.com
127.0.0.1     www.kaspersky.com
127.0.0.1     avp.com
127.0.0.1     www.networkassociates.com
127.0.0.1     networkassociates.com
127.0.0.1     www.ca.com
127.0.0.1     ca.com
127.0.0.1     mast.mcafee.com
127.0.0.1     my-etrust.com
127.0.0.1     www.my-etrust.com
127.0.0.1     download.mcafee.com
127.0.0.1     dispatch.mcafee.com
127.0.0.1     secure.nai.com
127.0.0.1     nai.com
127.0.0.1     www.nai.com
127.0.0.1     update.symantec.com
127.0.0.1     updates.symantec.com
127.0.0.1     us.mcafee.com
127.0.0.1     liveupdate.symantec.com
127.0.0.1     customer.symantec.com
127.0.0.1     rads.mcafee.com
127.0.0.1     trendmicro.com
127.0.0.1     www.trendmicro.com
127.0.0.1     www.grisoft.com


Then save the file, then try to access nai.com or symantec.com etc


0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963645
Regarding the virus
have a look at
http://www.sophos.com/virusinfo/analyses/w32cissic.html
0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963829
Hey did that work, anyways glad I could help :)

Please dont forget to allocate the points.

Thanks
Anil
0
 

Expert Comment

by:ISKPatel
ID: 11194690
Dear this is all Worm
i have a site where u remove this all problums
see this
www.pandasoftware.com/activescan/default_com.asp
this is onlive traking & cleaning+scanning tools for any worm & virus ..
plz chk it out
Best regards
ISKPatel
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There's never been a better time to become a computer scientist. Employment growth in the field is expected to reach 22% overall by 2020, and if you want to get in on the action, it’s a good idea to think about at least minoring in computer science …
Data security in the cloud is very much like a security in an on-premises data center - only without costs for maintaining facilities and computer hardware.
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question