w32.pinfi & script error

Posted 7/24/2004 7:55 AM
#2081
User avatar

adit Member

Date Joined Nov 2016
Total Posts: 4
My computer has been infected by the virus W32.pinfi. I have Norton Antivirus 2002 and have the latest antiviruses. I followed the procedure required to remove the virus, given in the Norton website. But suddenly when I started NAV it started showing a IE script error; line:169. and I was unable to scan for viruses.Then I again went to the norton website for help. It said the general solution is to re-install NAV and I did it and I also updated the viruses again. I even re-installed Internet Explorer. But I am still having the same problem. I am not able to scan the infected files and many softwares like Go!zilla are getting currupted!and I am not able to open Age of Empires, it just closes after I open it. the computer also hangs very often.I have spent the last three days on just deleting, installing and updating softwares which is quite irritating. Please advice me!
Posted 7/24/2004 8:00 AM
#2083
User avatar

Tiger-Stripe Valued member

Date Joined Nov 2016
Total Posts: 16
ummm ya how often does it hang i think i can help
[4]Life sucks so thats why i forget about life and focus on more important things like [6]WHY IN THE HELL PEOPLE MAKE VIRUSES[/4][/6]
Posted 7/24/2004 6:48 PM
#2097
User avatar

adit Member

Date Joined Nov 2016
Total Posts: 4
Thank you for the reply.
It would be very helpful if you could tell me the procedure to delete the virus and scan with NAV correctly.

Thank you
Posted 7/27/2004 11:02 AM
#2137
User avatar

SClyde Valued member

Date Joined Nov 2016
Total Posts: 20
I hope its a single pc and not a network. CUZ MAN THAT WOULD Suck :burger:


SHOULDA BOUGHT A macintosh! it cant get this virus! MAN HOW DID U GET THIS VIRUS?

Its such an old virus.. should be extinct! ITS A WEAK virus too.. except that it Spreads from computer to computer faster than Lance Armstrong can go from Start to finsh!



HOW MANY .EXE's AND SCRS do u have in your CV folder? CUZ this polymorphic virus loves to attack them! :roll:



OK TO REMOVE THIS VIRUS U GOTTA UNDASTAND IT.. 2 do THAT.. you have to understand

its Registry value. which is PINF and it regulates in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
THEN IT TURNS TO A LIGHTWEIGHT BOXER, LIKE ALI's Daughter, and starts attacking iexplore.exe and later

it decides to take an endless vacation on your internet explorer!



HOW NOW WHATS COOL ABOUT THIS VIRUS IS THAT... its LIKE ALI's daughter...it starts attacking LITTLE BY LITTLE.. THEN KEEPS ON ATTACKIn.. AND NEVER STOPS.. ALSO IT ONLY ATTACK FEW FILES AT A TIME BUT PLANS ON ATTACKING THE WHOLE FOLDER! NOW WHERE DOES THIS THING HIDE? IT DEPENDS WHERE YOU DOWNLOADED IT AT..BUT THEY ALL HAVE THIS SAME FORMAT

[3 random letters][4 random hexadecimal digits].tmp









OK THIS HOW 2 DELETE THE VIRUS (THE SIMPLE WAY)

1. DISABLE SYSTEM RESTORE

2. RESTART IN SAFE MODE

3. RUN NORTON VIRUS SCAN

4. DO NOT DELETE any files in win32.Pinfi.. CLICK REPAIR

5.START > RUN >REGEDIT

6.HKEY_CURRENT_USER>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer

ON THE RIGHT HAND SIDE DELETE THE VALUE PINF


G'Luck!
Posted 7/27/2004 1:10 PM
#2144
User avatar

eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
Hey clyde you do this for a living?

sounds like you know your way around a pc.

Eagle :smilewinkgrin:
Posted 7/27/2004 7:06 PM
#2157
User avatar

adit Member

Date Joined Nov 2016
Total Posts: 4
Thank you SClyde for the reply.
Ya I know the procedure well. But the problem is that I am not able to scan for viruses with Norton. When I open NAV it displays a script error, line:169. and Error: Permission denied.

I have updated the virus definitions. And I have reinstalled IE. But the problem still exists.

So now I just wanted to know how to run a full system scan with Norton and remove the virus

Thank you once again.

And you have a great sense of humour :smilewinkgrin:
Posted 7/28/2004 1:16 AM
#2167
User avatar

SClyde Valued member

Date Joined Nov 2016
Total Posts: 20
Script Error 169? Very rare error. It would make perfect sense to get that error if you had Windows 2000, but to get that error on any other OS would not be too fortunate.


Does the error read

"An error has occurred in the script on this page
Line: 169
Char: 2
Error: Permission denied
Code: 0
URL: res://C:\Progra~1\Norton~1/Navui.dll/navstats.htm"



To Fix that, only in "Windows 2000" (theres a slim chance it might work for ME, and XP too)


  1. Start NAV
  2. Click LiveUpdate
  3. Download all available updates that you can and restart the computer when it asks you to restart the pc.
  4. Start NAV and run LiveUpdate again. Download all available updates again and restart the computer when it prompts u to restart it again.
  5. DO THIS PROCESS OVER and OVER until you see the message Thank you for using LiveUpdate. All of the Symantec products and components installed on your computer are currently up-to-date. Remember to check for new updates frequently
  6. then
    7. DISABLE SYSTEM RESTORE

    8. RESTART IN SAFE MODE

    9. RUN NORTON VIRUS SCAN

    10. DO NOT DELETE any files in win32.Pinfi.. CLICK REPAIR

    11.START > RUN >REGEDIT

    12.HKEY_CURRENT_USER>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer

    ON THE RIGHT HAND SIDE DELETE THE VALUE PINF




If your error script isn't exactly like that above then reply back exactly what the error script says.

And your Operating System.





Eagle, no I don't work with computers for a living and I Don't plan too. Well, I make freeware computer games using c++, javascript, visiual basic, and flash for fun.. if that counts.. I'm actually making a flash based game at this moment! I can do alot of things with the computer but i think my most important knowledge that i have is being able 2 crack porn sites... like if you need a password and login to any porn site.. just give me the url of the porn site and i could easily crack it..NOT SAYING THAT I DO BUT I HAVE THE KNOWLEDGE to... and i will teach anyone how to.. if they would like to know how..

I like the statement

"give a man a fish and he eats for one day, teach a man how to fish and he eats forever"



For a 'living' i'm still in law school right now.. but I plan to work with my dad at his Law firm.. Tho its

mainly a corporate firm.. I'm going to be the only Criminal / Juvenile Law attorney working there.

I have a soft spot for SMART criminals.. I'm gonna try and keep them outta jail, cause everyone SMART criminal deserves a second,

third, and fourth chance.. SMART criminals

DO NOT INCLUDE

RAPISTS/CHILD MOLESTERS/PHEDOPHILES..

CAUSE I HATE THOSE TYPE OF PEOPLE..



When I say Smart Criminals I'm talking about

Racketeering with an income profits of least 1 + Million

Internet identify theft personels with an income profits of least $200,000

CAPITAL Offense/ Manslaugter

basically any A,B,C, Felonies for adults

and an extra level D Felony for Juveniles
Posted 7/28/2004 9:16 AM
#2193
User avatar

adit Member

Date Joined Nov 2016
Total Posts: 4
WOO WOO WOO
What a match!!Clyde I just can't beleive I have found a person that I dream of being.

Actually I'm still an amateur in the field of Networking. But I have an amazing thirst for knowledge in hacking and I have the passion for it. I dream of having the best work stations in the world. But the problem is that I live in Bangalore, India & I dont have the right type of environment and resources. :shakehead: I'm in my first year of Undergrad in Computer Science.



I also get a lot of ideas regarding network security. I have deviced a method of Hacking the biggest Lotto game in India which is worth Rs.50 crores, thats like $10 mils. And I dont wish to tell it to everyone as I want to sell the idea :smilewinkgrin:



So, you can hack into any porn site you said. I would like to know how. For example I'll just give you an easy site for a starter. it's a really cheap site www.indianadultmovie.com.



I almost forgot about my problem. You are right I get the same error.I have win98 & anyways the method is not working. But the PC is functioning OK for the time being, but i'm still not able to run a system scan even in Safe mode.

Thanks a lot. I also would like to know your e-mail add., if you dont mind.
Posted 7/28/2004 7:48 PM
#2216
User avatar

SClyde Valued member

Date Joined Nov 2016
Total Posts: 20
adit, check your private message, I sent you 6 or 7 working passwords to the indian site...
I'll send a Private message later how to hack that site on your own in a matter of hours.

But its not really smart FOR YOU to hack any site in your own country but whats the worst harm (Theres a 95% chance you won't get caught anyways). It would be best in your interest to hack American Porn sites/ Austrailian / Europe / any country in which is far from your location.

Interesting fact :

Most American Porn sites are cracked by the Israelis. (hard 2 believe)

Most European porn sites are cracked by the Israelis.

Damn.. I think most of all porn sites are cracked by the Israelis.. but anyways

I'm writing up for you how to fish .. instead of me just giving you the links like I did.

tell me how you like that that adultindianmovies site.
Posted 7/28/2004 9:26 PM
#2217
User avatar

SClyde Valued member

Date Joined Nov 2016
Total Posts: 20
tutorial on how to hack sent adit, best of luck :blush:
Posted 7/29/2004 1:27 AM
#2221
User avatar

Wolfie Member

Date Joined Nov 2016
Total Posts: 6
Dear SClyde (and other good samaritans),

Well, I tried removing Win32/Parite by following SClydes instructions for removing PINF on this page (they are the same virus, right?). It didn't work because I couldn't find the "PINF" key in either the left or right panel - and yes, I did start up in safety mode, in case that makes any difference.

I run Windows ME. What do you think could be the problem?

Thanks,
Wolfie
Posted 7/29/2004 2:04 AM
#2222
User avatar

SClyde Valued member

Date Joined Nov 2016
Total Posts: 20
Wolfie, when in REGEDIT, highlight My Computer
HOLD Control and F and the same time

it will pop up "FIND"

type PINF



if its not there, you do not have the parasite.
Posted 7/29/2004 2:41 AM
#2223
User avatar

SClyde Valued member

Date Joined Nov 2016
Total Posts: 20
O yeah, just to answer your next question,
after you searched "PINF" it showed up something like

"Default" with binary code C:\WINDOWS\PCHealth\HelpCtr\Binaries\brpinfo.dll

THAT is PINF. just think of PINF as Osama Bin Laden, its in hiding.

BUT (WHEN IN REGEDIT) just highlight My computer, HOLD CONTROL + F, TYPE PINF

and YOU WILL FIND IT.



And to answer your next question,

"I deleted it but nothing happened"



You have to do the process in order!.




1. DISABLE SYSTEM RESTORE

2. RESTART IN SAFE MODE

3. RUN NORTON VIRUS SCAN (or whatever you have)

4. DO NOT DELETE any files in win32.Pinfi.. CLICK REPAIR

5.START > RUN >REGEDIT

6.HKEY_CURRENT_USER>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer

ON THE RIGHT HAND SIDE DELETE THE VALUE PINF



THERE IS NO LUCK INVOLVED. THIS IS A VERY VERY SIMPLE VIRUS. YOU WILL

FIND THE PINF KEY AND DELETE IT. PLEASE REPLY IF YOU HAVE ANY PROBLEMS.
Posted 7/29/2004 5:35 AM
#2228
User avatar

Wolfie Member

Date Joined Nov 2016
Total Posts: 6
Oh damn it!

SClyde - I got worry.

I followed your instructions but it is still being detected. A few things are worth noting.

When I delete the Pinf file the icon remains but now the data reads "value not set". I don't know if this is what is expected or not. Even when I delete it the bugger re-appears when I search again, invaribly using a name like "IWinInetHttpInfo".

I run AVG to find the virus. Could this be singificant? Should I try another anti-virus program and if so, can you recommend a free one I can get off the web?

The infected files are:
C:\WINDOWS\Temporary Internet files\CONTENT.IEA.QJIFB2F\HOT New Toy for Christmas 2002!
and another similar one, in case that helps.

Cheers,
Wolfie
Posted 7/29/2004 1:32 PM
#2233
User avatar

eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
Wolfie,
do your self a favor trash norton and download bullguard! that will help with most of these viruses. Sclydes advice is good and solid but truthfully norton sucks!

Eagle :smilewinkgrin:
Posted 7/29/2004 11:08 PM
#2256
User avatar

SClyde Valued member

Date Joined Nov 2016
Total Posts: 20
User image
Basically, Keep repeating the Hold and F process then typing PINF

and delete the file

the IMG code must not work, anyways
go to https://www.photodump.com/direct/sao/pinf.jpg
theres step by step DETAILED instructions
Posted 7/30/2004 3:09 PM
#2267
User avatar

old_fart Advanced member

Date Joined Nov 2016
Total Posts: 33
SClyde,

Could he have a process running that rewrites the registry entry after it is deleted. Doesn't seem as if this should be active in safe mode, but maybe. I found this on some internetbargain hijacker and it required I stop the 5 deamons it had spawned before the delete was valid.

Also, i love to fish, if you get a chance

thanks
Posted 7/31/2004 6:33 AM
#2279
User avatar

Wolfie Member

Date Joined Nov 2016
Total Posts: 6
Evidently following the above instructions is not enough. One file (an icon that has "AB" written on it and "value not set" under data) cannot be deleted. When I try I get the message "Unable to delete all specified values". Modifying it to give it another name and then deleting doesn't work either. Any other ideas?

About Bullguard - this sounds good. Can I get it free anywhere?

Cheers,
Wolfie
Posted 8/4/2004 10:58 AM
#2334
User avatar

Elrinth Member

Date Joined Nov 2016
Total Posts: 2
Hi, um... I also got this virus.. I have mcfee as antivirii program.
But I think this virus all spread out during the time I was trying doom3.

I disabled everything on my comp, to get as much speed for d3 as possible.

Even disabled the virusprogram. Well when I woke up yesterday, the comp was

slow as hell, and bro had checked his email earlier. (might've been from his email)

Well I tried iexplorer, and nothing came up, i tried my webserver.. and it didn't work outside

Something was wrong with the ports? (my neighbour controls the router) so i gave

a call to the neighbour asking what was wrong. He said I've done nothing. Anyhow

I asked him to restart the router, and no luck.



MSN, ICQ and DC (passive not active) worked. But not IE, or any ftp.



Oh, so I thought, maybe zonealarm got fucked up, which it did.. so I searched whole comp

and made trash outta it. still not working, I now remembered. I had shut off the virusprogram.

Well I activated it, the moment it was activated. It saw like more than 60 win32.pinfi at the same time.



Now it was time to do some cleaning. First thing I did (since I had _NO_ instructions whatsoever on what to do) was restart to safe mode and start viruscleaning. took VERY long, 900 .exe files infected. start up comp in usual mode again and it finds some more viruses. So I go to bro's comp (this one) and search around the net. First thing I found was the method to remove. (i had forgot the RESTORE disable, which I'll do now, gonna take a full day of virusscanning again) Then I found this site, where this guy is saying it's not enough.



Oh, and I believe he's right, this might not be enough. Why won't IE work? I've deleted that PINF registryentry. But I doubt such a thing was in the way. Something else must've been. PLEASE HELP!
Posted 8/4/2004 1:25 PM
#2338
User avatar

Wolfie Member

Date Joined Nov 2016
Total Posts: 6
Curious.

I have been directed to this thread and have found pinf files on REGEDIT, but I have never had any problems operating IE or any other program for that matter. Now I am starting to wonder if Parite and pinf are the same virus, as I was earlier encouraged to believe.

Fellow geeks, is there anybody out there who can help?

Regards,
Wolfie
Posted 8/4/2004 1:40 PM
#2341
User avatar

eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
Try Bullguard and see what it does, if nothing else you will be able to send your scan logs to support@bullguard.com

Eagle :smilewinkgrin:
Posted 8/4/2004 6:22 PM
#2344
User avatar

Elrinth Member

Date Joined Nov 2016
Total Posts: 2
Ok, so this is how it was.. I finally figured what was spooking.


Ok anyhow, the _RESTORE stuff, I didn't have do to that.

It didn't find any new virusinfected files. Well the Explorer problem was @ Zone Alarm.

I had deleted it since it had caused problems. (couldn't click uninstall therefor I deleted it manually)

However, as Zone Alarm is, it cannot be deleted manually. (or atleast not delete just the files in Zone Alarm folder and removing the registry entries) Once all virus infected files were gone. I went on DC, downloaded a new version of Zone Alarm (old one didn't work to install) and I installed. (got a errormessage from vsmon.exe every 10 sec) After a minute zone alarm installer came up, and I managed to install a clean new zone alarm.

After that was done, I uninstalled (it worked this time cause uninstall.exe wasn't virusinfected :lol: )

and restarted comp.. and NOW everything works as it should.. YAY! :roll: ,



So remember everyone, Zone Alarm can get REALLY messy with ya if it crashes once. :p

Seems a friend of mine recommends Kerio firewall much much more, since it's free too. So from this day on, never ever use Zone Alarm again.
Posted 8/5/2004 12:53 PM
#2348
User avatar

eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
Elrinth,

don't sound like your problem was with Zone alarm it was the virus that decided to piggyback on it.
Don't dis it iv'e used it it's very good. it will even tell you where the hacker is at least spoofing from if not his actual location.
you more than likely got hit while downloading.

Eagle :smilewinkgrin:
Posted 9/6/2004 12:27 PM
#2919
User avatar

LuckyDoyle Member

Date Joined Nov 2016
Total Posts: 2
i have also been infected with this BUT i cant see what it says on the NAV website because i have a few other virus's. I cant delete it and neither can norton 2003 pro. so what do i do?
Posted 9/6/2004 4:05 PM
#2921
User avatar

eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
As I have said so many times before,

TRASH NORTON ANTI VIRUS IT TRULY SUCKS. then download bullguard from the website www.bullguard.com

Eagle :smilewinkgrin:
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Friday, December 2, 2022, 2:51 PM (GMT +1)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
32 Guest(s), 0 Registered Member(s) are currently online.