Crono: Crap damn crap.

Re: Crono: Crap damn crap. Posted by 7dk2h4md720ih on Sun Mar 21st 2004 at 11:42am
Hey, I can't actually read the topic I just started, it closes my browser each time I click on it, whatever the trigger word is.. Anyhow, I'm in the snarkpit irc channel in quakenet.net if anyone wants to help me out. Thanks. :smile:
Re: Crono: Crap damn crap. Posted by 7dk2h4md720ih on Sun Mar 21st 2004 at 11:44am
I found it with AVG. It's called Win32/Parite. How do I go about removing it completely? I deleted both infected files but it's still there.
Re: Crono: Crap damn crap. Posted by Crono on Sun Mar 21st 2004 at 11:55am
That's the PINF thing ... it's annoying as hell.

Here's what you need to do. Log in as the administrator, go to the temp directory of the user which is infected, and just delete everything there (if something there is needed by a program, the program will re-create it, so no worries). They are embedded in *.tmp files; however, that is a normal extension, just to be clear. Anyway, just delete all of the files there, then run a virus scan again and have it delete all the files it finds infected.

Now, restart and go into your normal user. Go to Start >> Run >> regedit

Now go to the directory:

HKEY_CURRENT_USER >> Software >> Microsoft >> Windows >> Current Version >> Explorer

In the right-hand view, delete the file called "PINF". Scan your computer once more, just to make sure ... and it won't hurt to restart.

It's a little bastard of a virus too. It doesn't really do anything, but its operations slow your computer down. I think it changes some file sizes too. (So Windows won't run them, because they are physically a different size than what their properties say.)

Hope you can read this lol, and I hope it helps.

Might as well print it out or something.

I hope that's the virus it is, because that's what it said it was when I looked it up, and I've dealt with it numerous times. So I hope this helps, because I'm going to bed lol. (4 am).
Re: Crono: Crap damn crap. Posted by 7dk2h4md720ih on Sun Mar 21st 2004 at 12:03pm
Damn, bad timing so. It won't let me run regedit. I think I found the offending file that started it all. It doesn't show up as a virus but it won't let me delete it because it says it's currently in use. How do I go about removing this? Thanks for the help bud.

Probably should say I can't ctrl-alt-delete either.
Re: Crono: Crap damn crap. Posted by Crono on Sun Mar 21st 2004 at 12:13pm
Log in as Administrator.

Then do all the stuff I said to do. The virus will be gone by that point and you'd be able to go into the registry ... I hope.
(I decided to check one more time before I went to bed lol)
Re: Crono: Crap damn crap. Posted by scary_jeff on Sun Mar 21st 2004 at 12:18pm
Hah, that's the stupid thing with Windows that lets all these viruses work - people are always logged in as administrator :smile:
Re: Crono: Crap damn crap. Posted by 7dk2h4md720ih on Sun Mar 21st 2004 at 12:46pm
I'm in administrator mode. How do I boot in safe mode? I can get into the bios, but I can't find how to boot in safe mode. I can't run msconfig to enable it that way.
Re: Crono: Crap damn crap. Posted by 7dk2h4md720ih on Sun Mar 21st 2004 at 12:51pm
Never mind, I'm in safe mode now. Anyone know how to delete a file that is "currently in use"?
Re: Crono: Crap damn crap. Posted by 7dk2h4md720ih on Sun Mar 21st 2004 at 12:52pm
There's no PINF file in that place in the registry, Crono.
Re: Crono: Crap damn crap. Posted by Tracer Bullet on Sun Mar 21st 2004 at 8:21pm
Alien_Sniper said:
Never mind, I'm in safe mode now. Anyone know how to delete a file that is "currently in use"?
If this is a .exe we are talking about, it's pretty easy. Just open up the Task Manager, go to the processes tab, and end the process which you want to delete... If it's not an executable you are trying to get rid of, then I suppose you need to figure out which process is using it and end that one before you can delete the offending file.
Re: Crono: Crap damn crap. Posted by Crono on Sun Mar 21st 2004 at 8:23pm
Okay, A_S, dude, if you normally use Administrator as your user mode ... I'm not sure if this will work or not, but try making a new user and giving them Administration rights and sign in as them and try all the stuff I said ... However, the Administrator temp file probably won't be there ... Secondly ... if you are using Administrator as your default user .... WHY!?!? That's giving anyone who gets into your computer direct access to the root. Anyway. Once you get this fixed, use the new user you made as your default ...
However, if you're not using the Admin. as the default user, you should be able to do what I said. The reason why the thing might not be in your registry is because it's under the CURRENT USER. If you're checking it under Administrator and not the user which is infected, of course it won't be there.

I hope this is enough information to get you started at least ... post any questions you have, obviously. :smile:
Tracer Bullet said:
If this is a .exe we are talking about, it's pretty easy. Just open up the Task Manager, go to the processes tab, and end the process which you want to delete... If it's not an executable you are trying to get rid of, then I suppose you need to figure out which process is using it and end that one before you can delete the offending file.
That virus uses .tmp files in the Temp directory. And they're used by Windows and other executables on your computer, also it is made to spread over networks, so, it'll probably be on other computers if they're connected with no anti-virus.

Like I said, it's an annoying little bastard :lol:
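
The point made above, that the "PINF" entry lives under the infected user's own registry hive and is invisible from another account's HKEY_CURRENT_USER, can be checked from an administrator session as follows. This is an added example, not part of the original posts: it is read-only, it assumes "PINF" is a value under the Explorer key (it is described as appearing in regedit's right-hand view), and the function name `Find-ExplorerValue` is hypothetical.

```powershell
# Added example: report which loaded user hives carry a given value under the
# Explorer key. HKEY_USERS only lists hives that are currently loaded (users
# who are logged on, plus service accounts); an account that is logged off
# will not appear here. Nothing is modified or deleted.

function Find-ExplorerValue {
    param(
        [string]$SubPath   = 'Software\Microsoft\Windows\CurrentVersion\Explorer',
        [string]$ValueName = 'PINF'   # name taken from the thread
    )

    $hku = [Microsoft.Win32.Registry]::Users
    foreach ($sid in $hku.GetSubKeyNames()) {
        # Skip the per-user COM class hives (S-1-5-21-..._Classes)
        if ($sid -like '*_Classes') { continue }

        $key = $null
        try {
            $key = $hku.OpenSubKey("$sid\$SubPath")   # opens read-only
            if ($null -eq $key) { continue }          # hive has no Explorer key

            # Translate the SID to DOMAIN\user; entries such as .DEFAULT fail
            $account = try {
                [System.Security.Principal.SecurityIdentifier]::new($sid).
                    Translate([System.Security.Principal.NTAccount]).Value
            } catch { '(unresolved)' }

            [pscustomobject]@{
                Sid      = $sid
                Account  = $account
                HasValue = ($key.GetValueNames() -contains $ValueName)
            }
        }
        catch [System.Security.SecurityException] {
            Write-Warning "No read access to hive $sid"
        }
        finally {
            if ($key) { $key.Close() }
        }
    }
}

Find-ExplorerValue | Format-Table -AutoSize
```

A row with `HasValue` set to True identifies the account whose hive holds the entry; that is the account to log in as (or whose hive to open) before following the regedit steps.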
Re: Crono: Crap damn crap. Posted by 7dk2h4md720ih on Sun Mar 21st 2004 at 9:23pm
Ok, thanks for all the help Crono, I got it sorted.

I booted in safe mode with network support. I was able to run my virus scanner, which found nothing :rolleyes: I did all 3 online virus scans and they removed about 15 infected files altogether. I couldn't delete the original offending file because it was "currently in use by the system". I switched to DOS and was able to delete it from there.

I never really thought about using a limited account for myself, nobody else has physical access to my pc. I'm using one now. Thanks again Crono and everyone. :smile:
Re: Crono: Crap damn crap. Posted by Crono on Sun Mar 21st 2004 at 9:44pm
Whoa, hang on there buckaroo, the user can have administrative rights. Just don't use Administrator as your user lol. I mean if it didn't have admin rights you couldn't really install much of anything, such as most drivers. Anyway, I'm sure that's what you made ... even though you said limited lol. Anyway, rockin' roll, go play some games lol.
Re: Crono: Crap damn crap. Posted by 7dk2h4md720ih on Mon Mar 22nd 2004 at 3:53pm
Ok, I don't think it's completely gone yet. If I try and switch users now it tells me that I do not have permission to do this. I'm on the root admin account though, trying to access a non-passworded account... argh.

Doing the online virus scans again.
Re: Crono: Crap damn crap. Posted by Loco on Mon Mar 22nd 2004 at 7:17pm
Solution: buy/borrow Norton, change the boot priority (if you can) to boot from a CD, insert the Norton CD, reboot, and off you go. That's all I can think of for the time being!
Re: Crono: Crap damn crap. Posted by Crono on Mon Mar 22nd 2004 at 8:11pm
Alien_Sniper said:
Ok, I don't think it's completely gone yet. If I try and switch users now it tells me that I do not have permission to do this. I'm on the root admin account though, trying to access a non-passworded account... argh.

Doing the online virus scans again.
Is that the limited account you made? All you need to do now that you've gotten rid of the thing (even if you just think so) is create a user with Admin. permissions.
If you're logged in as Administrator and you can't access other users' data ... are you sure you didn't create a user account called 'Admin' and give it limited permissions? Granted it's a stupid question, but it's a possibility. There's also a possibility that you still have some funky virus ...

It might actually be easier if you IMed me if you have more trouble lol.
Re: Crono: Crap damn crap. Posted by Hornpipe2 on Mon Mar 22nd 2004 at 10:36pm
Yeah, you should never do normal computer work as the administrator. Security and virus concerns aside, the reason I have a non-admin account on my Linux box is to prevent me from doing stupid things like deleting all the important system commands, or moving everything in my home directory to /bin.