Solved

Virus problems! Pinom.J worm

Posted on 2004-04-30
8
1,144 Views
Last Modified: 2010-04-11
Hello, i completed a full avg virus scan on my PC, which found and removed Worm/Pinom.J from a file called SETUP.EXE that had been copyed to some of my shared folders.
I am unable to access websites like www.grisoft.com symantec, sofos etc, any antivirus website...
Can anyone advice me?

madlan.
0
Comment
Question by:madlan
  • 5
  • 2
8 Comments
 
LVL 8

Accepted Solution

by:
anil_u earned 300 total points
ID: 10963382
Some viruses add urls to the "hosts" file, find this file on you PC, this should be in
c:\WINNT\system32\etc
open it with notepad
and then delete all of them except
127.0.0.1       localhost

for example there will be one that says
127.0.0.1      www.symantec.com

when you try to go to this site, it looks at the host file, then uses the static ip assigned to symantec.com which is 127.0.0.1, which is a loopback address, ie your machine, thats why you get an error beacuse it goes to 127.0.0.1, removing this line will allow you to access symantec.com

After that you should be able to access the required sites, do the upadtes and you should be fine.


Hope I could help

Enjoy
Anil
0
 
LVL 1

Author Comment

by:madlan
ID: 10963527
I cant seem to find the host file? (win XP home)
All 5 pcs on the network have the same problem, same sites cant be accessed.
i notice that 172.0.0.1 appears in the status bar while connecting to said websites.

madlan.
0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963559
This is a private address.
Try this:
Go to start->Search->Find files and folder->hosts*.*

The host file has not got an extention like .exe. But it will definately be there.

On XP it should be on c:\windows\system32\drivers\etc



0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 1

Author Comment

by:madlan
ID: 10963587
OK, i found it:
C:\WINDOWS\system32\drivers\etc\Hosts

and you were right! thankyou!

Do you know anything about this virus? i cant find any information on it.
Just want to make sure its not damaged anything else...

thankyou

----------------------------------------------------------------------------------------------------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost





127.0.0.1      www.symantec.com
127.0.0.1      securityresponse.symantec.com
127.0.0.1      symantec.com
127.0.0.1      www.sophos.com
127.0.0.1      sophos.com
127.0.0.1      www.mcafee.com
127.0.0.1      mcafee.com
127.0.0.1      liveupdate.symantecliveupdate.com
127.0.0.1      www.viruslist.com
127.0.0.1      viruslist.com
127.0.0.1      viruslist.com
127.0.0.1      f-secure.com
127.0.0.1      www.f-secure.com
127.0.0.1      kaspersky.com
127.0.0.1      kaspersky-labs.com
127.0.0.1      www.avp.com
127.0.0.1      www.kaspersky.com
127.0.0.1      avp.com
127.0.0.1      www.networkassociates.com
127.0.0.1      networkassociates.com
127.0.0.1      www.ca.com
127.0.0.1      ca.com
127.0.0.1      mast.mcafee.com
127.0.0.1      my-etrust.com
127.0.0.1      www.my-etrust.com
127.0.0.1      download.mcafee.com
127.0.0.1      dispatch.mcafee.com
127.0.0.1      secure.nai.com
127.0.0.1      nai.com
127.0.0.1      www.nai.com
127.0.0.1      update.symantec.com
127.0.0.1      updates.symantec.com
127.0.0.1      us.mcafee.com
127.0.0.1      liveupdate.symantec.com
127.0.0.1      customer.symantec.com
127.0.0.1      rads.mcafee.com
127.0.0.1      trendmicro.com
127.0.0.1      www.trendmicro.com
127.0.0.1      www.grisoft.com
0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963626
Yes it look fine
delete the following

127.0.0.1     www.symantec.com
127.0.0.1     securityresponse.symantec.com
127.0.0.1     symantec.com
127.0.0.1     www.sophos.com
127.0.0.1     sophos.com
127.0.0.1     www.mcafee.com
127.0.0.1     mcafee.com
127.0.0.1     liveupdate.symantecliveupdate.com
127.0.0.1     www.viruslist.com
127.0.0.1     viruslist.com
127.0.0.1     viruslist.com
127.0.0.1     f-secure.com
127.0.0.1     www.f-secure.com
127.0.0.1     kaspersky.com
127.0.0.1     kaspersky-labs.com
127.0.0.1     www.avp.com
127.0.0.1     www.kaspersky.com
127.0.0.1     avp.com
127.0.0.1     www.networkassociates.com
127.0.0.1     networkassociates.com
127.0.0.1     www.ca.com
127.0.0.1     ca.com
127.0.0.1     mast.mcafee.com
127.0.0.1     my-etrust.com
127.0.0.1     www.my-etrust.com
127.0.0.1     download.mcafee.com
127.0.0.1     dispatch.mcafee.com
127.0.0.1     secure.nai.com
127.0.0.1     nai.com
127.0.0.1     www.nai.com
127.0.0.1     update.symantec.com
127.0.0.1     updates.symantec.com
127.0.0.1     us.mcafee.com
127.0.0.1     liveupdate.symantec.com
127.0.0.1     customer.symantec.com
127.0.0.1     rads.mcafee.com
127.0.0.1     trendmicro.com
127.0.0.1     www.trendmicro.com
127.0.0.1     www.grisoft.com


Then save the file, then try to access nai.com or symantec.com etc


0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963645
Regarding the virus
have a look at
http://www.sophos.com/virusinfo/analyses/w32cissic.html
0
 
LVL 8

Expert Comment

by:anil_u
ID: 10963829
Hey did that work, anyways glad I could help :)

Please dont forget to allocate the points.

Thanks
Anil
0
 

Expert Comment

by:ISKPatel
ID: 11194690
Dear this is all Worm
i have a site where u remove this all problums
see this
www.pandasoftware.com/activescan/default_com.asp
this is onlive traking & cleaning+scanning tools for any worm & virus ..
plz chk it out
Best regards
ISKPatel
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
OnPage: Incident management and secure messaging on your smartphone
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question