On Thu, 11 Sep 2003 10:40:13 -0700, david k. wrote:
> I downloaded a virus called w32.pinfi - (Norton also had
> a list of other names for it. Win32.Parite.a [KAV],
> W32/Pate.a [McAfee], Win32.Pinfi.A [CA], PE_PARITE.A
> [Trend], W32/Parite-A [Sophos], Win32/Parite.A [RAV])
> Norton AV found it but could not quarantine, delete, or
> repair it. I have been trying everything to get rid of it
> for 6 hours but I cannot make the file accessible to
> me, so that I can delete it. I have gone through
> properties - security - advanced like one of the
> Microsoft pages recommended, both for the file and
> folder. I followed the instructions. It should be
> following the rules on the parent file, but it isn't, I
> should have the right to delete. I have Windows XP. The
> file is in:
> c:\documents and settings\brandon\local settings\temp\brj183.tmp
> The virus is in the brj183.tmp file... Is there any way I
> can delete this file? Please help, thank you so much
> dave
>
>
>
This polymorphic virus attaches to explorer.exe and stays alive by existing
in memory instead of being embodied in an actual file. Have you disabled
System Restore and restarted in Safe Mode yet as described here:
http://securityresponse.symantec.com...w32.pinfi.html
Until you restart in Safe Mode, the virus will remain active and resistant
to cleaning. While in Safe Mode, you need to manually do the registry edit
that is also described in that article.
To start the system in Safe Mode, press F8 after POST and before Windows
starts to load. In Safe Mode, you must log on with an account that is a
member of the administrative group.
TIP: Since the file infects SCR and EXE files, change your screensaver to
NONE until you have this repaired. Right-click the desktop, choose
Properties. Click the Screensaver tab. Select NONE in the box for selected
screensaver and then click OK.
--
Sharon F
MS-MVP - Windows XP Shell/User