HELP! W32.Pinfi HOW TO REMOVE!!
windows ME Hp
W32.Pinfi <-- DIsabled all anti virus, firewall, and other software, and is taking over hard drive i need urgent HELP!!! est. time left 1 hr.!!!!!!
Pc Expert2007
W32.Pinfi <-- DIsabled all anti virus, firewall, and other software, and is taking over hard drive i need urgent HELP!!! est. time left 1 hr.!!!!!!
Pc Expert2007
Did you try starting in safemode and doing a search and deleting any files associated with it?
Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode (Windows 95/98/Me/2000/XP) of VGA mode (Windows NT).
Run a full system scan and repair all the files detected as W32.Pinfi.
Reverse the value that the virus added to the registry.
Update the virus definitions.
Restart the computer in Safe mode (Windows 95/98/Me/2000/XP) of VGA mode (Windows NT).
Run a full system scan and repair all the files detected as W32.Pinfi.
Reverse the value that the virus added to the registry.
please disregard first solution as it affects .exe files.
ASKER
I have found the virus Main part, but i cant delete it, i have tried refabercating the hard drive, windows ME it's self. its stuck right in the Explorer folder, the most important folder, once i download any anti virus, WIN PINFI destorys the important files of the antivirus I went in SAFE mode, and it went undetected and i could not remove it, it is boosting my MB of Ram to the maximem amount which is 900 Mb by idleing, Any comments?
Not sure which of these steps you have tried:
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html
PC-Expert2007, I could write you a tool to remove the virus if you like. Then all you would have to do is run it in safe-mode. However, from what I've read. The virus seems to be remaining in memory via a registry key. Following these steps from Big5250's link above will remove it from memory. After that you should only have to delete the folder it creates.
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit, and then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_CURRENT_USER\SOFTWARE
In the right pane, delete the value: PINF
Exit the Registry Editor.
After this, run a search on your computer by clicking Start - Search - Find file or folders.
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit, and then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_CURRENT_USER\SOFTWARE
In the right pane, delete the value: PINF
Exit the Registry Editor.
After this, run a search on your computer by clicking Start - Search - Find file or folders.
in the containing text field type tmp. If your computer finds a file which is made up of: [3 random letters][4 random hexadecimal digits].tmp - delete it and restart. Make sure you have removed the registry key and re-logged on to remove the virus from resident memory.
Greetz.
Matt.
Greetz.
Matt.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.