?
Solved

W32.Pinfi Problem With Explorer

Posted on 2004-05-02
11
Medium Priority
?
337 Views
Last Modified: 2010-04-11
My Computer illiterate family has somehow got a virus in their computer. A quick scan through reveals the computer being infiltrated by W32.pinfi. I deleted the String from explorer and ran the VirusScan stuff. Apparently when ever someone clicks on something on the desktop,tries to open a Folder or file, or try to use Internet Explorer, The explorer.exe shuts down and restarts and the message "Windows cannot find C:\Windows\System32\cmd32.exe cannot be found" i know cmd32.exe is a virus and it not being found is a good thing, meaning my norton deleted it sucessfully.... but i do not understand why explorer keeps trying to open that program and i can't get it working... help please!!! I'm sorta desperate but i do not have points enough to give 500.. Hope someone has pity to give me an answer.. THANK YOU!
0
Comment
Question by:Frostwolf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 7

Expert Comment

by:IceRaven
ID: 10974320
Hi Frostwolf,

Go edit the registry, back it up first of cource :)

Find the Key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

It will probably say:

explorer.exe c:\windows\system32\cmd32.exe

Change it to:

explorer.exe

Cheers,
IceRaven
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10976220
Ask them to download and run Stinger:

http://vil.nai.com/vil/stinger/

Should save them manually having to do this.

0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10977003
0
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

 

Author Comment

by:Frostwolf
ID: 10983292
IceRaven i found the key but i did not find the explorer.exe at all

Thanks a ton sunray it helped alot i searched out one key with the virus and deleted it but apparently the computer is STILL infected with it and the same message comes up...

Tim_holman im still working on the Stinger.. its scanning right now so i'll be back to update and see how it goes...

The explorer still dies out on me...
0
 

Assisted Solution

by:Qualiflow
Qualiflow earned 90 total points
ID: 10984792
If you run Win Xp or Me, you may temporarily turn off System Restore. Windows XP and Me uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.
Howto turn off system restore on Windows XP : http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?
Howto turn off system restore on Windows ME : http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?

Then you may be able to remove the virus.
0
 
LVL 7

Expert Comment

by:IceRaven
ID: 10984838
Search the registry for cmd32.exe

See what you come up with.

Cheers,
IceRaven.
0
 

Author Comment

by:Frostwolf
ID: 11000998
okay new problem... apparently its not the cmd32.exe thats messing up the system.. i got rid of it thanks iceraven.... the persisting problem now is that... the explorer disappears whenever i click anything on the desktop... try to open internet explorer... OR try to open a folder... help!!!
0
 
LVL 7

Accepted Solution

by:
IceRaven earned 285 total points
ID: 11001436
If you have cleaned your computer against viruses with stinger.  The next step is your computer may have spyware/adware/malware.  This infection software is often not picked up by anti-virus software and needs specific cleaning software.  The software I recommend is downloaded from www.safer-networking.org and is called Spybot S&D.   You will need to download, install, search for updates and then scan your computer for the little software nasties.  Once you have done so, reboot your computer and see if the problems are gone.  If not, download a program called Hijack This from www.spywareinfo.com/~merijn/downloads.html this program produces a log file.  Post the log file here and someone should be able to tell you what to do.

Cheers,
IceRaven.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11003615
Run stinger in safe mode !
0
 

Author Comment

by:Frostwolf
ID: 11073296
Its still not working.....
0
 

Author Comment

by:Frostwolf
ID: 11474332
Thanks all for helping me... somehow my brother magically got it working.... but ur help was VERYYYYYY appreciated
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question