HELLLLPPPP GOT virus can't get rid of!!
Old Forums
19-05-2003, 16:05
HELP anyone for the love of god...lol I got a virus I can't get rid of its w32.pinfi I have tried to find removal programmes and for some reason can't get any? any ideas on how to get rid of this would be greatly appreciated thanx..
Old Forums
19-05-2003, 16:11
Try Symantec home virus checker
http://security.symantec.com/ssc/home.asp?j=1&langid=us&venid=sym&plfid=20&pkj=YLXDFIZTYMWPAZTJWUF
click on scan for viruses :)
hope it works
Old Forums
19-05-2003, 16:22
or u can try this one kills
http://uk.trendmicro-europe.com/enterprise/products/housecall.php
Old Forums
19-05-2003, 16:41
did that it found it but won't get rid of it I need a tool to get rid of ...any removal tools out there for this one guys?
Old Forums
19-05-2003, 17:17
QUICK LINKS Solution
--------------------------------------------------------------------------------
Virus Type: File Infector
Destructive: No
Aliases: PARITE.A, Win32.Parite.b, W32.Pinfi
Pattern file needed: 192
Scan engine needed: 5.400
Overall risk rating: Low
--------------------------------------------------------------------------------
Reported infections: Low
Damage Potential: High
Distribution Potential: High
The dropper malware PE_PARITE.A.DRP drops this non-destructive memory-resident virus, which infects .EXE and .SCR files by appending its virus code to target files.
MANUAL REMOVAL INSTRUCTIONS
Terminating Malware Process
In a folder, download Trend Micro's sysclean.com (http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=41347&VName=PE_PARITE.A)
In the same folder, download the latest pattern file.
Disconnect your infected system from the network.
Open a DOS command prompt window. To do this, Click Start>Run, type "command" then hit the Enter key.
Go to the directory where you placed the tool (e.g. C:\FOLDER\).
Terminate Explorer.exe with the following instructions:
Open Windows Task Manager.
On Windows 95, 98, or ME systems,
you may use a third party process viewer to terminate explorer.exe.
On Windows NT, 2000, XP systems,
press CTRL+SHIFT+ESC, and click the Processes tab.
In the list of running programs*, locate the explorer.exe.
Select the explorer.exe file, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
On the DOS command prompt, execute sysclean.com.
Look into the log file. It should report that it has cleaned explorer.exe. Once cleaned, still in the DOS window, enter explorer.exe in the command prompt.
its all i could find
Good luck
Old Forums
19-05-2003, 17:33
kills are you using system restore cause that will hold a copy of it
Old Forums
19-05-2003, 18:29
no m8 I disabled and wiped all my restore points also all my temp folders and documents folders
Old Forums
19-05-2003, 18:43
found a lot of peeps saying it is a joke virus, but it aint...
try this:
http://www.sophos.com
or this:
http://www.computing.net/security/wwwboard/forum/4905.html
this looks good:
Trojan Remover at:
http://www.simplysup.com/tremover/details.html
Old Forums
19-05-2003, 18:55
found this now from symantec:
Upon executing a file infected with W32.Pinfi, the virus will perform the following:
1. Adds the registry value:
PINF
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
2. Appends itself to Explorer.exe to remain memory-resident.
3. Appends itself to all the .EXE and .SCR files that it finds on all the local and mapped drives. The virus contains an algorithm to slow the infection, so the virus will only infect a few files at a time.
4. W32.Pinfi will create a tempfile in the temporary folder. It will get the temporary folder by using a Windows API. The tempfile this virus creates will always have the following name:
[3 random letters][4 random hexadecimal digits].tmp
The file it creates is a UPX packed executable file. The temporary file will be executed by the virus, and it is this file that will attempt to infect files over network shares.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
1. Update the virus definitions.
2. Run a full system scan and repair all the files detected as W32.Pinfi.
3. Reverse the value that the virus added to the registry.
For specific details on each of these procedures, read the following instructions.
1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
Running LiveUpdate, which is the easiest way to obtain virus definitions. These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate), in the "Protection" section, at the top of this writeup.
Downloading the definitions using the Intelligent Updater. The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater), in the "Protection" section, at the top of this writeup.
The Intelligent Updater virus definitions are available here. For detailed instructions on how to download and install the Intelligent Updater virus definitions from the Symantec Security Response Web site, click here.
2. Scanning for and repairing the infected files
a. Start your Symantec antivirus software and make sure that it is configured to scan all the files.
For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec corporate antivirus product is set to scan All Files."
b. Run a full system scan.
c. If any files are detected as infected with W32.Pinfi, click Repair.
3. Reversing the value from the registry
CAUTION: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit, and then click OK. (The Registry Editor opens.)
c. Navigate to the key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
d. In the right pane, delete the value: PINF
e. Exit the Registry Editor.
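The temp-file indicators quoted in the post above (the fixed name pattern and the UPX-packed executable) can be checked mechanically. The following is an added example, not part of the thread or of Symantec's writeup: a triage sketch that lists files in a folder whose name fits the pattern and reports whether each has PE headers with UPX section names. The function names, the acceptance of both letter cases, the 4 KB header read and the sample files are assumptions constructed for illustration.

```python
import re
import struct
import tempfile
from pathlib import Path

# "[3 random letters][4 random hexadecimal digits].tmp", as quoted in the post.
# The letter case is not stated there; accepting both cases is an assumption.
TEMP_NAME = re.compile(r"^[A-Za-z]{3}[0-9A-Fa-f]{4}\.tmp$")

def pe_section_names(data: bytes) -> list:
    """Section names from a PE header, or [] if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    # Each section header is 40 bytes; skip entries cut off by the read limit.
    offsets = range(table, min(table + 40 * count, len(data) - 39), 40)
    return [data[o:o + 8].rstrip(b"\0").decode("ascii", "replace") for o in offsets]

def triage_temp_dir(temp_dir) -> list:
    """List files whose name fits the pattern and whether they look UPX-packed."""
    findings = []
    for path in sorted(Path(temp_dir).iterdir()):
        if not path.is_file() or not TEMP_NAME.match(path.name):
            continue
        with path.open("rb") as handle:
            sections = pe_section_names(handle.read(4096))  # headers only
        upx = any(name.startswith("UPX") for name in sections)
        findings.append({"name": path.name, "is_pe": bool(sections), "upx": upx})
    return findings

def constructed_pe(section_names) -> bytes:
    """Header-only stand-in for a PE file, constructed for this example."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    return dos + coff + b"".join(n.encode().ljust(40, b"\0") for n in section_names)

def demo() -> list:
    """Run the triage over a throwaway directory of constructed files."""
    samples = {"abc1F2E.tmp": constructed_pe(["UPX0", "UPX1"]),
               "xyz00aa.tmp": b"plain text", "setup1234.tmp": b"MZ"}
    with tempfile.TemporaryDirectory() as folder:
        for name, data in samples.items():
            (Path(folder) / name).write_bytes(data)
        return triage_temp_dir(folder)

if __name__ == "__main__":
    print(demo())
```

A name match alone is weak evidence, since many installers leave similarly named .tmp files; a name match combined with PE headers and UPX section names is what fits the description quoted above.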
Old Forums
19-05-2003, 19:02
do what i do
1) find virus
2) look at it for an hour
3) find a nice corner
4) sit in corner and cry
Old Forums
19-05-2003, 19:06
right I have checked that a few times and it doesn't seem to be there now however I still can't run a full system check on norton as it keeps giving me this error message internet explorer script error.. and then gives me various numbers and stuff I have however managed to get norton auto protect on so hopefully it will pick up any of these pinf virus things ..however I still would like to know how to get my norton working properly.....and yeah I have reinstalled it...lol
Old Forums
19-05-2003, 19:08
it sounds to me m8 like its damaged explorer....it sits in there and if norton cant get it then it may be a reinstall.....:'-(
but is there a way to reinstall explorer on its own? smee may know...
Old Forums
19-05-2003, 19:28
norton doesnt work properly. however you set it up..
Old Forums
20-05-2003, 01:51
if in doubt a good format always clears the air :D
Old Forums
20-05-2003, 13:10
right guys it def looks like I got the bleeder however norton still aint allowing me to full system scan I do have it on autodetect which to be honest aint great if I need to install something that requires it to be off...Also my media player won't work so am thinking it is something to do with explorer I uninstalled explorer and then reinstalled with ie6sp1 but still no joy any ideas guys as I am really loath to reinstall everything and if I need to how exactly do I just put in my xp disc and let it format? is that all thats required?
Old Forums
20-05-2003, 13:38
if in doubt a good format always clears the air
Someone said that to me, and I felt like punching them after 8 hours of reinstalling XP just so it could work.. then crash the next day.
Old Forums
20-05-2003, 13:54
looks like its a re install can't think of anything else to do ok guys hopefully I will be back soon but might not be...lol if am not at praccy Ivan tonight you know why :P
Old Forums
20-05-2003, 14:44
he he i can reinstall and get cs back in under 2 hours......:D
Old Forums
20-05-2003, 19:19
some of us have hard drives that are larger than 5 gig :p ...lol well as you can see I am back on with not a virus to be found well one that I see the doc about but that doesn't need to be known here ...lol:p anyway I need a favour (yeah another one) any of you guys got a copy of xp office that ya could dl to me or send me or loan me I really need it wife is doing her management stuff and giving me mucho grief cheers guys
Old Forums
20-05-2003, 21:13
i only got a bad copy m8. works but its cranky...get it off kazaa...:cool:
Old Forums
21-05-2003, 06:36
Kazza!!! KAZZZA!!!!! FOOKING KAZZA!!! those no good fecking progs and download crap things gave me the fecking virus in the first place so no I wont be going anywhere near Kazza ever again the fecking piece of crap ...anyway now my rant is done......lol
Old Forums
21-05-2003, 07:44
oops okay m8......;)
some1 get this man a copy of office NOW!:D
Old Forums
21-05-2003, 11:58
pmsl kills, do you feel better now you have had that rant!!!! :-D
Old Forums
21-05-2003, 12:34
ehm yeah to be honest ...lol and now I got office too so am happy camper again all I need now is for Porto to win UEFA cup and am sorted...lol