Crono: Crap damn crap.
Re: Crono: Crap damn crap.
Posted by 7dk2h4md720ih on Sun Mar 21st at 11:42am 2004


Hey, I can't actually read the topic I just started, it closes my browser each time I click on it, whatever the trigger word is.. Anyhow, I'm in the snarkpit irc channel in quakenet.net if anyone wants to help me out. Thanks.

Re: Crono: Crap damn crap.
Posted by 7dk2h4md720ih on Sun Mar 21st at 11:44am 2004


I found it with AVG, it's called win32/parite. How do I go about removing it completely? I deleted both infected files but it's still there.

Re: Crono: Crap damn crap.
Posted by Crono on Sun Mar 21st at 11:55am 2004


That's the PINF thing ... it's annoying as hell.

Here's what you need to do. Log in as the administrator, go to the temp directory of the user which is infected, just delete everything there (if something is there that a program needs, the program will re-create it, so no worries). They are embedded in *.tmp files, however, that is a normal extension, just to be clear. Anyway, just delete all of the files there, then run a virus scan again and have it delete all the files it finds infected.

Now, restart, go into your normal user. Go to Start >> Run >> regedit

Now go to the directory:

HKEY_CURRENT_USER >> Software >> Microsoft >> Windows >> Current Version >> Explorer

In the right hand view: delete the file called "PINF", scan your computer once more, just to make sure ... and it won't hurt to restart.

It's a little bastard of a virus too. It doesn't really do anything, but its operations slow your computer down. I think it changes some file sizes too. (So Windows won't run them, because they are physically a different size than what their properties say)

Hope you can read this lol. And I hope it helps.

Might as well print it out or something.

I hope that's the virus it is, because that's what it said it was when I looked it up, and I've dealt with it numerous times. So I hope this helps, because I'm going to bed lol. (4 am).

Re: Crono: Crap damn crap.
Posted by 7dk2h4md720ih on Sun Mar 21st at 12:03pm 2004


Damn, bad timing so. It won't let me run regedit. I think I found the offending file that started it all. It doesn't show up as a virus but it won't let me delete it because it says it's currently in use. How do I go about removing this? Thanks for the help bud.

Probably should say I can't ctrl-alt-delete either.

Re: Crono: Crap damn crap.
Posted by Crono on Sun Mar 21st at 12:13pm 2004


Log in as Administrator.

Then do all the stuff I said to do. The virus will be gone by that point and you'd be able to go into the registry ... I hope.
(I decided to check one more time before I went to bed lol)

Re: Crono: Crap damn crap.
Posted by scary_jeff on Sun Mar 21st at 12:18pm 2004


hah, that's the stupid thing with windows that lets all these virii work - people are always logged in as administrator

Re: Crono: Crap damn crap.
Posted by 7dk2h4md720ih on Sun Mar 21st at 12:46pm 2004


I'm in administrator mode. How do I boot in safe mode? I can get into the bios, but I can't find how to boot in safe mode. I can't run msconfig to enable it that way.

Re: Crono: Crap damn crap.
Posted by 7dk2h4md720ih on Sun Mar 21st at 12:51pm 2004


Never mind, I'm in safe mode now. Anyone know how to delete a file that is "currently in use"?

Re: Crono: Crap damn crap.
Posted by 7dk2h4md720ih on Sun Mar 21st at 12:52pm 2004


There's no PINF file in that place in the registry, Crono.

Re: Crono: Crap damn crap.
Posted by Tracer Bullet on Sun Mar 21st at 8:21pm 2004


Quote posted by Alien_Sniper:
Never mind, I'm in safe mode now. Anyone know how to delete a file that is "currently in use"?

If this is a .exe we are talking about it's pretty easy. Just open up the Task Manager, go to the processes tab, and end the process which you want to delete... if it's not an executable you are trying to get rid of, then I suppose you need to figure out which process is using it and end that one before you can delete the offending file.

Re: Crono: Crap damn crap.
Posted by Crono on Sun Mar 21st at 8:23pm 2004


Okay, A_S, dude, if you normally use Administrator as your user mode ... I'm not sure if this will work or not, but, try making a new user and giving them Administration rights and sign in as them and try all the stuff I said ... However, the Administrator temp file probably won't be there ... Secondly ... if you are using Administrator as your default user .... WHY!?!? That's giving anyone who gets into your computer direct access to the root. Anyway. Once you get this fixed, use the new user you made as your default ...
However, if you're not using the Admin. as the default user, you should be able to do what I said. The reason why the thing might not be in your registry is because it's under the CURRENT USER. If you're checking it under Administrator and not the user which is infected, of course it won't be there.

I hope this is enough information to get you started at least ... post any questions you have, obviously.

Quote:

If this is a .exe we are talking about it's pretty easy. Just open up the Task Manager, go to the processes tab, and end the process which you want to delete... if it's not an executable you are trying to get rid of, then I suppose you need to figure out which process is using it and end that one before you can delete the offending file.

That virus uses .tmp files in the Temp directory. And they're used by Windows and other executables on your computer, also it is made to spread over networks, so, it'll probably be on other computers if they're connected with no anti-virus.

Like I said, it's an annoying little bastard
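
Added example, not part of the thread: the post above points out that the "PINF" entry lives under the infected user's HKEY_CURRENT_USER, so an Administrator session looking at its own hive will not see it. The PowerShell sketch below only reports, for every local profile, whether a value named "PINF" exists under that user's Explorer key, temporarily loading NTUSER.DAT for users who are not logged on. The value name and key come from the thread; the function name `Test-PinfValue` and the `PinfCheck_` mount prefix are hypothetical, and the script assumes an elevated prompt.

```powershell
# Added example: report (do not delete) a "PINF" value in each user's Explorer key.
# Key path and value name are taken from the thread; run from an elevated prompt.
$SubKey      = 'Software\Microsoft\Windows\CurrentVersion\Explorer'
$ValueName   = 'PINF'
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Test-PinfValue {
    param([string]$HiveRoot)   # e.g. 'HKEY_USERS\S-1-5-21-...'
    $key = "Registry::$HiveRoot\$SubKey"
    if (-not (Test-Path -LiteralPath $key)) { return $false }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    return ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $ValueName)
}

$results = foreach ($p in Get-ChildItem $ProfileList) {
    $sid     = $p.PSChildName
    $profile = (Get-ItemProperty -LiteralPath $p.PSPath).ProfileImagePath
    $loaded  = Test-Path -LiteralPath "Registry::HKEY_USERS\$sid"
    $mount   = $sid
    $tempLoaded = $false

    if (-not $loaded) {
        # User is not logged on: mount their hive file under a temporary name.
        $hiveFile = Join-Path $profile 'NTUSER.DAT'
        if (-not (Test-Path -LiteralPath $hiveFile)) { continue }
        $mount = "PinfCheck_$sid"
        & reg.exe load "HKU\$mount" $hiveFile | Out-Null
        if ($LASTEXITCODE -ne 0) { continue }
        $tempLoaded = $true
    }

    $found = Test-PinfValue -HiveRoot "HKEY_USERS\$mount"

    if ($tempLoaded) {
        [gc]::Collect()                      # drop open registry handles first
        & reg.exe unload "HKU\$mount" | Out-Null
    }

    [pscustomobject]@{
        Sid = $sid; Profile = $profile; HiveWasLoaded = $loaded; PinfPresent = $found
    }
}
$results | Format-Table -AutoSize
```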




Re: Crono: Crap damn crap.
Posted by 7dk2h4md720ih on Sun Mar 21st at 9:23pm 2004


Ok, thanks for all the help Crono, I got it sorted.

I booted in safe mode with network support. I was able to run my virus scanner, which found nothing. I did all 3 online virus scans and they removed about 15 infected files altogether. I couldn't delete the original offending file because it was "currently in use by the system". I switched to DOS and was able to delete it from there.

I never really thought about using a limited account for myself, nobody else has physical access to my PC. I'm using one now. Thanks again Crono and everyone.

Re: Crono: Crap damn crap.
Posted by Crono on Sun Mar 21st at 9:44pm 2004


Whoa, hang on there buckaroo, the user can have administrative rights. Just don't use Administrator as your user lol. I mean if it didn't have admin rights you couldn't really install much of anything, such as most drivers. Anyway, I'm sure that's what you made ... even though you said limited lol. Anyway, rockin' roll, go play some games lol.

Re: Crono: Crap damn crap.
Posted by 7dk2h4md720ih on Mon Mar 22nd at 3:53pm 2004


Ok I don't think it's completely gone yet. If I try and switch users now it tells me that I do not have permission to do this. I'm on the root admin account though trying to access a non-passworded account... argh.

Doing the online virus scans again.

Re: Crono: Crap damn crap.
Posted by Loco on Mon Mar 22nd at 7:17pm 2004


Solution: buy/borrow Norton, change the boot priority (if you can) to boot from a CD, insert the Norton CD, reboot, and off you go. That's all I can think of for the time being!

Re: Crono: Crap damn crap.
Posted by Crono on Mon Mar 22nd at 8:11pm 2004


Quote:
Ok I don't think it's completely gone yet. If I try and switch users now it tells me that I do not have permission to do this. I'm on the root admin account though trying to access a non-passworded account... argh.

Doing the online virus scans again.

Is that the limited account you made? All you need to do now that you've gotten rid of the thing (even if you just think so) is create a user with Admin. permissions.
If you're logged in as Administrator and you can't access other users' data ... are you sure you didn't create a user account called 'Admin' and give it limited permissions? Granted it's a stupid question, but, it's a possibility. There's also a possibility that you still have some funky virus ...

It might actually be easier if you IMed me if you have more trouble lol.

Re: Crono: Crap damn crap.
Posted by Hornpipe2 on Mon Mar 22nd at 10:36pm 2004


Yeah, you should never do normal computer work as the administrator. Security and virus concerns aside, the reason I have a non-admin account on my Linux box is to prevent me from doing stupid things like deleting all the important system commands, or moving everything in my home directory to /bin.