Solved

Virus problems! Pinom.J worm

Posted on 2004-04-30
8
1,151 Views
Last Modified: 2010-04-11
Hello, i completed a full avg virus scan on my PC, which found and removed Worm/Pinom.J from a file called SETUP.EXE that had been copyed to some of my shared folders.
I am unable to access websites like www.grisoft.com symantec, sofos etc, any antivirus website...
Can anyone advice me?

madlan.
0
Comment
Question by:madlan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 8

Accepted Solution

by:
anil_u earned 300 total points
ID: 10963382
Some viruses add urls to the "hosts" file, find this file on you PC, this should be in
c:\WINNT\system32\etc
open it with notepad
and then delete all of them except
127.0.0.1       localhost

for example there will be one that says
127.0.0.1      www.symantec.com

when you try to go to this site, it looks at the host file, then uses the static ip assigned to symantec.com which is 127.0.0.1, which is a loopback address, ie your machine, thats why you get an error beacuse it goes to 127.0.0.1, removing this line will allow you to access symantec.com

After that you should be able to access the required sites, do the upadtes and you should be fine.


Hope I could help

Enjoy
Anil
0
 
LVL 1

Author Comment

by:madlan
ID: 10963527
I cant seem to find the host file? (win XP home)
All 5 pcs on the network have the same problem, same sites cant be accessed.
i notice that 172.0.0.1 appears in the status bar while connecting to said websites.

madlan.
0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963559
This is a private address.
Try this:
Go to start->Search->Find files and folder->hosts*.*

The host file has not got an extention like .exe. But it will definately be there.

On XP it should be on c:\windows\system32\drivers\etc



0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 1

Author Comment

by:madlan
ID: 10963587
OK, i found it:
C:\WINDOWS\system32\drivers\etc\Hosts

and you were right! thankyou!

Do you know anything about this virus? i cant find any information on it.
Just want to make sure its not damaged anything else...

thankyou

----------------------------------------------------------------------------------------------------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost





127.0.0.1      www.symantec.com
127.0.0.1      securityresponse.symantec.com
127.0.0.1      symantec.com
127.0.0.1      www.sophos.com
127.0.0.1      sophos.com
127.0.0.1      www.mcafee.com
127.0.0.1      mcafee.com
127.0.0.1      liveupdate.symantecliveupdate.com
127.0.0.1      www.viruslist.com
127.0.0.1      viruslist.com
127.0.0.1      viruslist.com
127.0.0.1      f-secure.com
127.0.0.1      www.f-secure.com
127.0.0.1      kaspersky.com
127.0.0.1      kaspersky-labs.com
127.0.0.1      www.avp.com
127.0.0.1      www.kaspersky.com
127.0.0.1      avp.com
127.0.0.1      www.networkassociates.com
127.0.0.1      networkassociates.com
127.0.0.1      www.ca.com
127.0.0.1      ca.com
127.0.0.1      mast.mcafee.com
127.0.0.1      my-etrust.com
127.0.0.1      www.my-etrust.com
127.0.0.1      download.mcafee.com
127.0.0.1      dispatch.mcafee.com
127.0.0.1      secure.nai.com
127.0.0.1      nai.com
127.0.0.1      www.nai.com
127.0.0.1      update.symantec.com
127.0.0.1      updates.symantec.com
127.0.0.1      us.mcafee.com
127.0.0.1      liveupdate.symantec.com
127.0.0.1      customer.symantec.com
127.0.0.1      rads.mcafee.com
127.0.0.1      trendmicro.com
127.0.0.1      www.trendmicro.com
127.0.0.1      www.grisoft.com
0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963626
Yes it look fine
delete the following

127.0.0.1     www.symantec.com
127.0.0.1     securityresponse.symantec.com
127.0.0.1     symantec.com
127.0.0.1     www.sophos.com
127.0.0.1     sophos.com
127.0.0.1     www.mcafee.com
127.0.0.1     mcafee.com
127.0.0.1     liveupdate.symantecliveupdate.com
127.0.0.1     www.viruslist.com
127.0.0.1     viruslist.com
127.0.0.1     viruslist.com
127.0.0.1     f-secure.com
127.0.0.1     www.f-secure.com
127.0.0.1     kaspersky.com
127.0.0.1     kaspersky-labs.com
127.0.0.1     www.avp.com
127.0.0.1     www.kaspersky.com
127.0.0.1     avp.com
127.0.0.1     www.networkassociates.com
127.0.0.1     networkassociates.com
127.0.0.1     www.ca.com
127.0.0.1     ca.com
127.0.0.1     mast.mcafee.com
127.0.0.1     my-etrust.com
127.0.0.1     www.my-etrust.com
127.0.0.1     download.mcafee.com
127.0.0.1     dispatch.mcafee.com
127.0.0.1     secure.nai.com
127.0.0.1     nai.com
127.0.0.1     www.nai.com
127.0.0.1     update.symantec.com
127.0.0.1     updates.symantec.com
127.0.0.1     us.mcafee.com
127.0.0.1     liveupdate.symantec.com
127.0.0.1     customer.symantec.com
127.0.0.1     rads.mcafee.com
127.0.0.1     trendmicro.com
127.0.0.1     www.trendmicro.com
127.0.0.1     www.grisoft.com


Then save the file, then try to access nai.com or symantec.com etc


0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963645
Regarding the virus
have a look at
http://www.sophos.com/virusinfo/analyses/w32cissic.html
0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963829
Hey did that work, anyways glad I could help :)

Please dont forget to allocate the points.

Thanks
Anil
0
 

Expert Comment

by:ISKPatel
ID: 11194690
Dear this is all Worm
i have a site where u remove this all problums
see this
www.pandasoftware.com/activescan/default_com.asp
this is onlive traking & cleaning+scanning tools for any worm & virus ..
plz chk it out
Best regards
ISKPatel
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question