Solved

W32.Pinfi Problem With Explorer

Posted on 2004-05-02
11
326 Views
Last Modified: 2010-04-11
My Computer illiterate family has somehow got a virus in their computer. A quick scan through reveals the computer being infiltrated by W32.pinfi. I deleted the String from explorer and ran the VirusScan stuff. Apparently when ever someone clicks on something on the desktop,tries to open a Folder or file, or try to use Internet Explorer, The explorer.exe shuts down and restarts and the message "Windows cannot find C:\Windows\System32\cmd32.exe cannot be found" i know cmd32.exe is a virus and it not being found is a good thing, meaning my norton deleted it sucessfully.... but i do not understand why explorer keeps trying to open that program and i can't get it working... help please!!! I'm sorta desperate but i do not have points enough to give 500.. Hope someone has pity to give me an answer.. THANK YOU!
0
Comment
Question by:Frostwolf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 7

Expert Comment

by:IceRaven
ID: 10974320
Hi Frostwolf,

Go edit the registry, back it up first of cource :)

Find the Key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

It will probably say:

explorer.exe c:\windows\system32\cmd32.exe

Change it to:

explorer.exe

Cheers,
IceRaven
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10976220
Ask them to download and run Stinger:

http://vil.nai.com/vil/stinger/

Should save them manually having to do this.

0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10977003
0
Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

 

Author Comment

by:Frostwolf
ID: 10983292
IceRaven i found the key but i did not find the explorer.exe at all

Thanks a ton sunray it helped alot i searched out one key with the virus and deleted it but apparently the computer is STILL infected with it and the same message comes up...

Tim_holman im still working on the Stinger.. its scanning right now so i'll be back to update and see how it goes...

The explorer still dies out on me...
0
 

Assisted Solution

by:Qualiflow
Qualiflow earned 30 total points
ID: 10984792
If you run Win Xp or Me, you may temporarily turn off System Restore. Windows XP and Me uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.
Howto turn off system restore on Windows XP : http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?
Howto turn off system restore on Windows ME : http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?

Then you may be able to remove the virus.
0
 
LVL 7

Expert Comment

by:IceRaven
ID: 10984838
Search the registry for cmd32.exe

See what you come up with.

Cheers,
IceRaven.
0
 

Author Comment

by:Frostwolf
ID: 11000998
okay new problem... apparently its not the cmd32.exe thats messing up the system.. i got rid of it thanks iceraven.... the persisting problem now is that... the explorer disappears whenever i click anything on the desktop... try to open internet explorer... OR try to open a folder... help!!!
0
 
LVL 7

Accepted Solution

by:
IceRaven earned 95 total points
ID: 11001436
If you have cleaned your computer against viruses with stinger.  The next step is your computer may have spyware/adware/malware.  This infection software is often not picked up by anti-virus software and needs specific cleaning software.  The software I recommend is downloaded from www.safer-networking.org and is called Spybot S&D.   You will need to download, install, search for updates and then scan your computer for the little software nasties.  Once you have done so, reboot your computer and see if the problems are gone.  If not, download a program called Hijack This from www.spywareinfo.com/~merijn/downloads.html this program produces a log file.  Post the log file here and someone should be able to tell you what to do.

Cheers,
IceRaven.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11003615
Run stinger in safe mode !
0
 

Author Comment

by:Frostwolf
ID: 11073296
Its still not working.....
0
 

Author Comment

by:Frostwolf
ID: 11474332
Thanks all for helping me... somehow my brother magically got it working.... but ur help was VERYYYYYY appreciated
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question