Solved

HELP! W32.Pinfi HOW TO REMOVE!!

Posted on 2004-08-23
Last Modified: 2012-06-22
windows ME Hp  

W32.Pinfi <-- Disabled all antivirus, firewall, and other software, and is taking over the hard drive. I need urgent HELP!!! Est. time left 1 hr.!!!!!!


Question by:PC-Expert2007
10 Comments
 

Expert Comment

by:nicoric
ID: 11869892
Did you try starting in Safe Mode, doing a search, and deleting any files associated with it?
0
 

Expert Comment

by:nicoric
ID: 11869958
Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode (Windows 95/98/Me/2000/XP) or VGA mode (Windows NT).
Run a full system scan and repair all the files detected as W32.Pinfi.
Reverse the value that the virus added to the registry.

0
 

Expert Comment

by:nicoric
ID: 11870133
Please disregard the first solution as it affects .exe files.
0
 
LVL 1

Author Comment

by:PC-Expert2007
ID: 11874209
I have found the virus main part, but I can't delete it. I have tried refabricating the hard drive, Windows ME itself. It's stuck right in the Explorer folder, the most important folder. Once I download any antivirus, WIN PINFI destroys the important files of the antivirus. I went in SAFE mode, and it went undetected and I could not remove it. It is boosting my MB of RAM to the maximum amount, which is 900 Mb, by idling. Any comments?
0
 
LVL 5

Expert Comment

by:Big5250
ID: 11874768
Not sure which of these steps you have tried:

http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html
0
 

Expert Comment

by:Kgenis
ID: 11883053
PC-Expert2007, I could write you a tool to remove the virus if you like. Then all you would have to do is run it in safe mode. However, from what I've read, the virus seems to be remaining in memory via a registry key. Following these steps from Big5250's link above will remove it from memory. After that you should only have to delete the folder it creates.

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit, and then click OK. (The Registry Editor opens.)
Navigate to the key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer


In the right pane, delete the value: PINF
Exit the Registry Editor.

After this, run a search on your computer by clicking Start - Search - Find file or folders.
0
 

Expert Comment

by:Kgenis
ID: 11883087
In the containing text field, type tmp. If your computer finds a file which is made up of: [3 random letters][4 random hexadecimal digits].tmp - delete it and restart. Make sure you have removed the registry key and re-logged on to remove the virus from resident memory.

Greetz.
Matt.
0
 
LVL 1

Accepted Solution

by:
Alien3 earned 25 total points
ID: 11927811
I had this virus before and I never had to reformat.

This tut is written for Norton Anti-Virus system-administrator users using Windows XP.

1. Press CTRL+ALT+DELETE and close as many processes as possible, like Winamp, MSN, IRC and any other filename you find suspicious.

2. Open your NAV and make sure it still works properly. If it doesn't, it's probably touched by the virus, so uninstall it, and install it again.

3. Reboot in SAFE MODE (for Windows XP users: Go to START > RUN and type in "msconfig". Press enter. On the "Boot.ini" tab check the "/SAFEMODE" option. Press OK and if it asks for reboot, do it.)

4. Start your NAV and do a full system scan. This may take a while. It will repair all the EXE's (in good cases) but one or more .tmp files are still infected and failed to repair: Quarantine them and delete them after that in the Quarantined Items list. The virus should now be totally removed from your PC.

5. Reboot in NORMAL MODE (for Windows XP users: Go to START > RUN and type in "msconfig". Press enter. On the "Boot.ini" tab uncheck the "/SAFEMODE" option. Press OK and if it asks for reboot, do it.)

6. Use regedit.exe to delete the key "PINF" located in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"

0
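A read-only check for the two indicators named in this thread (the PINF registry value and the [3 letters][4 hex digits].tmp file name), added here as an example and not written by any of the posters. The function and constant names are hypothetical, and a machine with Python 3 is assumed; nothing is deleted.

```python
"""Read-only triage for the two W32.Pinfi indicators named in this thread."""
import os
import re
import sys

# Thread's description: [3 random letters][4 random hexadecimal digits].tmp
# Caveat: the Windows GetTempFileName API produces names of the same shape,
# so a match is a candidate for an antivirus scan, not proof of infection.
TMP_NAME = re.compile(r"[A-Za-z]{3}[0-9A-Fa-f]{4}\.tmp", re.IGNORECASE)

# Key (under HKEY_CURRENT_USER) and value name as quoted in the thread.
EXPLORER_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
VALUE_NAME = "PINF"


def find_candidate_tmp(root):
    """Return sorted paths under root whose whole file name fits the pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if TMP_NAME.fullmatch(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def pinf_value_present():
    """True/False on Windows; None where there is no registry to query."""
    if not sys.platform.startswith("win"):
        return None
    import winreg  # Windows-only standard-library module
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, EXPLORER_KEY) as key:
            winreg.QueryValueEx(key, VALUE_NAME)
            return True
    except FileNotFoundError:
        # Raised when either the key or the value does not exist.
        return False


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    print("PINF value present:", pinf_value_present())
    for path in find_candidate_tmp(root):
        print("candidate:", path)
```

Pass the drive or folder to scan as the first argument; the registry check only covers the user account the script runs under.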
