Solved

Virus problems! Pinom.J worm

Posted on 2004-04-30
8
1,133 Views
Last Modified: 2010-04-11
Hello, i completed a full avg virus scan on my PC, which found and removed Worm/Pinom.J from a file called SETUP.EXE that had been copyed to some of my shared folders.
I am unable to access websites like www.grisoft.com symantec, sofos etc, any antivirus website...
Can anyone advice me?

madlan.
0
Comment
Question by:madlan
  • 5
  • 2
8 Comments
 
LVL 8

Accepted Solution

by:
anil_u earned 300 total points
Comment Utility
Some viruses add urls to the "hosts" file, find this file on you PC, this should be in
c:\WINNT\system32\etc
open it with notepad
and then delete all of them except
127.0.0.1       localhost

for example there will be one that says
127.0.0.1      www.symantec.com

when you try to go to this site, it looks at the host file, then uses the static ip assigned to symantec.com which is 127.0.0.1, which is a loopback address, ie your machine, thats why you get an error beacuse it goes to 127.0.0.1, removing this line will allow you to access symantec.com

After that you should be able to access the required sites, do the upadtes and you should be fine.


Hope I could help

Enjoy
Anil
0
 
LVL 1

Author Comment

by:madlan
Comment Utility
I cant seem to find the host file? (win XP home)
All 5 pcs on the network have the same problem, same sites cant be accessed.
i notice that 172.0.0.1 appears in the status bar while connecting to said websites.

madlan.
0
 
LVL 8

Expert Comment

by:anil_u
Comment Utility
This is a private address.
Try this:
Go to start->Search->Find files and folder->hosts*.*

The host file has not got an extention like .exe. But it will definately be there.

On XP it should be on c:\windows\system32\drivers\etc



0
 
LVL 1

Author Comment

by:madlan
Comment Utility
OK, i found it:
C:\WINDOWS\system32\drivers\etc\Hosts

and you were right! thankyou!

Do you know anything about this virus? i cant find any information on it.
Just want to make sure its not damaged anything else...

thankyou

----------------------------------------------------------------------------------------------------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost





127.0.0.1      www.symantec.com
127.0.0.1      securityresponse.symantec.com
127.0.0.1      symantec.com
127.0.0.1      www.sophos.com
127.0.0.1      sophos.com
127.0.0.1      www.mcafee.com
127.0.0.1      mcafee.com
127.0.0.1      liveupdate.symantecliveupdate.com
127.0.0.1      www.viruslist.com
127.0.0.1      viruslist.com
127.0.0.1      viruslist.com
127.0.0.1      f-secure.com
127.0.0.1      www.f-secure.com
127.0.0.1      kaspersky.com
127.0.0.1      kaspersky-labs.com
127.0.0.1      www.avp.com
127.0.0.1      www.kaspersky.com
127.0.0.1      avp.com
127.0.0.1      www.networkassociates.com
127.0.0.1      networkassociates.com
127.0.0.1      www.ca.com
127.0.0.1      ca.com
127.0.0.1      mast.mcafee.com
127.0.0.1      my-etrust.com
127.0.0.1      www.my-etrust.com
127.0.0.1      download.mcafee.com
127.0.0.1      dispatch.mcafee.com
127.0.0.1      secure.nai.com
127.0.0.1      nai.com
127.0.0.1      www.nai.com
127.0.0.1      update.symantec.com
127.0.0.1      updates.symantec.com
127.0.0.1      us.mcafee.com
127.0.0.1      liveupdate.symantec.com
127.0.0.1      customer.symantec.com
127.0.0.1      rads.mcafee.com
127.0.0.1      trendmicro.com
127.0.0.1      www.trendmicro.com
127.0.0.1      www.grisoft.com
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 8

Expert Comment

by:anil_u
Comment Utility
Yes it look fine
delete the following

127.0.0.1     www.symantec.com
127.0.0.1     securityresponse.symantec.com
127.0.0.1     symantec.com
127.0.0.1     www.sophos.com
127.0.0.1     sophos.com
127.0.0.1     www.mcafee.com
127.0.0.1     mcafee.com
127.0.0.1     liveupdate.symantecliveupdate.com
127.0.0.1     www.viruslist.com
127.0.0.1     viruslist.com
127.0.0.1     viruslist.com
127.0.0.1     f-secure.com
127.0.0.1     www.f-secure.com
127.0.0.1     kaspersky.com
127.0.0.1     kaspersky-labs.com
127.0.0.1     www.avp.com
127.0.0.1     www.kaspersky.com
127.0.0.1     avp.com
127.0.0.1     www.networkassociates.com
127.0.0.1     networkassociates.com
127.0.0.1     www.ca.com
127.0.0.1     ca.com
127.0.0.1     mast.mcafee.com
127.0.0.1     my-etrust.com
127.0.0.1     www.my-etrust.com
127.0.0.1     download.mcafee.com
127.0.0.1     dispatch.mcafee.com
127.0.0.1     secure.nai.com
127.0.0.1     nai.com
127.0.0.1     www.nai.com
127.0.0.1     update.symantec.com
127.0.0.1     updates.symantec.com
127.0.0.1     us.mcafee.com
127.0.0.1     liveupdate.symantec.com
127.0.0.1     customer.symantec.com
127.0.0.1     rads.mcafee.com
127.0.0.1     trendmicro.com
127.0.0.1     www.trendmicro.com
127.0.0.1     www.grisoft.com


Then save the file, then try to access nai.com or symantec.com etc


0
 
LVL 8

Expert Comment

by:anil_u
Comment Utility
Regarding the virus
have a look at
http://www.sophos.com/virusinfo/analyses/w32cissic.html
0
 
LVL 8

Expert Comment

by:anil_u
Comment Utility
Hey did that work, anyways glad I could help :)

Please dont forget to allocate the points.

Thanks
Anil
0
 

Expert Comment

by:ISKPatel
Comment Utility
Dear this is all Worm
i have a site where u remove this all problums
see this
www.pandasoftware.com/activescan/default_com.asp
this is onlive traking & cleaning+scanning tools for any worm & virus ..
plz chk it out
Best regards
ISKPatel
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now