win32.pinfi



I got this virus.  Norton didn't detect it until after it was run, and then
it was too late.  What went wrong?  Nasty thing.  It first took out my
Internet Explorer and then my email. Tim



Re: win32.pinfi



Tim923 wrote:


Several possibilities:
1.  your Norton (version unknown) is out of date
2.  the virus morphed and the current is not in your database
2a. it is an old virus, from 2001
2b. it morphed on November 10, 2009
3.  you got a file in email and didn't scan it


<http://www.google.com/search?en&q=win32.pinfi>
<http://www.symantec.com/security_response/writeup.jsp?docid=2003-011708-2030-99>
see also the Technical Details and Removal tabs

"Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows XP"

Get a better anti-virus program.
Get an operating system that is not affected by such nonsense.

--
   -bts
   -Friends don't let friends drive Windows

Re: win32.pinfi




| I got this virus.  Norton didn't detect it until after it was run, and then
| it was too late.  What went wrong?  Nasty thing.  It first took out my
| Internet Explorer and then my email. Tim



To answer what went wrong...  In short, Norton is partly to blame.  It just isn't
that good.

Replace it with Avira AntiVir.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: win32.pinfi



I see that it's an old version, Norton 2003, but I believe I was up to date
in updates.  It sure did detect win32.pinfi, but it was too late.  It wasn't
email related.  I downloaded something that didn't come from a nice official
webpage.  So I'm partly to blame.  I have to ask, would AVG free have done a
better job? Tim




Re: win32.pinfi




| I see that it's an old version, Norton 2003, but I believe I was up to date
| in updates.  It sure did detect win32.pinfi, but it was too late.  It wasn't
| email related.  I downloaded something that didn't come from a nice official
| webpage.  So I'm partly to blame.  I have to ask, would AVG free have done a
| better job? Tim

Just about any other would be an improvement over Norton and Avira AntiVir
stands above their shoulders.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: win32.pinfi



Tim923 wrote:

If you download a file and want to check it against a number of AV products

http://www.virustotal.com/

There is a file uploader available to make this even easier

http://www.virustotal.com/metodos.html


John

Re: win32.pinfi



Do virus scanners see what's in zip and rar files before they are
uncompressed, or is it just after?



Re: win32.pinfi




| Do virus scanners see what's in zip and rar files before they are
| uncompressed, or is it just after?


Depends on who the vendor is and what the settings are.  Most will default to
seeing within non-password protected RAR and ZIP files.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: win32.pinfi



Virus scanners can scan files that are zipped, compressed, as well as
uncompressed.

--
Sir_George


Re: win32.pinfi





Just after. The difference is that they do the decompression for you,
behind the scenes, if you enable that option. Not only do they support
many archive types (most that you don't even use) but other types of
encoding - decoding schemes.
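
The replies above say that scanners unpack archives behind the scenes and can only see inside ZIP files that are not password protected. The following is an added example, not code from any poster: it lists each ZIP member, hashes the ones it can unpack, and reports the ones it cannot inspect. The sample archive is constructed inline, and `build_sample_zip`, `inspect_archive` and the 50 MiB size cap are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

ENCRYPTED_FLAG = 0x1          # bit 0 of the ZIP general-purpose flags
MAX_MEMBER_SIZE = 50 * 2**20  # assumed cap: refuse to unpack members over 50 MiB


def build_sample_zip():
    """Constructed sample archive: one readable member, one flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"constructed sample text\n")
        zf.writestr("setup.exe", b"MZ constructed placeholder, not a real program")
    data = bytearray(buf.getvalue())
    # zipfile cannot write encrypted members, so set the encryption bit by hand
    # in the last central-directory record (flags are at offset 8 of the record).
    pos = data.rfind(b"PK\x01\x02")
    data[pos + 8] |= ENCRYPTED_FLAG
    return bytes(data)


def inspect_archive(data):
    """List every member; hash the ones that can be unpacked, flag the rest."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            entry = {"name": info.filename, "size": info.file_size,
                     "status": "scannable", "sha256": None}
            if info.flag_bits & ENCRYPTED_FLAG:
                entry["status"] = "encrypted, cannot inspect without password"
            elif info.file_size > MAX_MEMBER_SIZE:
                entry["status"] = "too large, skipped"
            else:
                digest = hashlib.sha256()
                with zf.open(info) as member:  # decompression happens here
                    for chunk in iter(lambda: member.read(65536), b""):
                        digest.update(chunk)
                entry["sha256"] = digest.hexdigest()
            report.append(entry)
    return report


if __name__ == "__main__":
    for row in inspect_archive(build_sample_zip()):
        print(row)
```

The SHA-256 of an unpacked member is what can be looked up against a multi-scanner service; a member reported as encrypted has to be treated as unscanned.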



Re: win32.pinfi




I don't think that there's an answer for that one.

Bottom line, they all suck - they can't be relied upon to make sure
executables that you download from untrusted sources are benign.

They *can* be useful in the "verify" part of "trust yet verify" when you
download from a source that you *do* trust.

I know, it sounds crazy, - why would anyone need to scan files obtained
from trusted sources?

Answer - viruses. Much of the rest can be avoided by policy.

Most of these so-called security programs are really just 'absence of
security' clean-up tools (some are very good at what they do). I
suggest, for those people feeling they must download and execute
untrusted programs from the internet, a good recovery plan (avoidance
won't work). When I was one of those, I used several computers (some
isolated) and disk images. Now, most people use virtual machines to test
in.



Re: win32.pinfi



Norton 2003 was 6 years out of date. Get the latest...

--






Re: win32.pinfi




Norton 2003 is still recommended for Windows98, being almost the only
anti-virus program available (and updating) for that (older) Windows.
 ;-)

--
Fred W. (NL)

Re: win32.pinfi




Anyone can take an old virus and repackage it and send it out as a
trojan. Such a trojan dropper, once executed, can drop a virally
infected file onto your file system and be "picked up" by your file
scanner - or not - and then end up infecting more files.

I suspect that such a thing has happened, do you have the original "bad"
executable (trojan) as well as some virally infected ones?


I'm guessing that your Norton failed to recognize a trojan dropper and
yet was able to detect at least one of the dropped programs as being
infected with Pinfi. I suppose it is also possible that Norton failed to
recognize one iteration of Pinfi but was successful on the next
iteration, but your statement about having run something successfully
before the detection makes me think trojan.




Re: win32.pinfi





Forget about AVG.

Go for ESET or Kaspersky .

--
kerf


Re: win32.pinfi





Avira AntiVir looks good on paper, but it isn't all that much better than Norton
in real life.

ESET and Kaspersky are your best choices by far.

--
kerf



Re: win32.pinfi




I disagree. I've been using Symantec Corp edition products for more than
a decade and always felt they did a great job at protecting our and our
clients' computers.

Last week I had a case where I was surfing the web and hit a malicious
site and was redirected to a site filled with malware - it took seconds
for my computer to be compromised. Symantec didn't show a sign of
anything and didn't protect me from the malware via browser.

I cleaned the malware from the system, using MBAM and several other
tools - went back to the site, and my SEPP was the latest version and
fully patched, and it was compromised again.

Cleaned, etc.... Loaded Avira Free edition on the same computer and
visited the site again - this time Avira stopped the malware and gave me
an opportunity to ignore, deny, quarantine the malware.

I've moved all my own computers from SEPP to Avira and just started
seeing home users' computers that are compromised with really nasty crap
that just went right past Norton/Symantec/McAfee/AVG....

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: win32.pinfi




Since you appear to have missed it, I gave a FULL description of how and
why that system was compromised last week - posted in 4 different
security groups.

Since AV is only a small part of protection, since that computer was not
being protected by the same firewall rules as we protect the secure LAN
areas, it was clear how and why it was infected. In all my decades of
experience I have never had Symantec Corp products fail me, until this
one time - that's a far better record than any other AV product I've
used and tested during that time period.

What you seem to have missed is that I posted my FULL experience on this
issue, a compromised computer on an isolated network, and didn't have to
admit it, I did it because I'm ethical and honorable and don't have
anything to hide - unlike you.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: win32.pinfi




LOL idiot - it was clear that it was infected, the full description was
in the information I posted.

The network IS ISOLATED, but you fail to understand the scope of the
isolation, one can easily build a network isolated from all other
networks within their facility - as we did.

There was a lot of detail that you missed or already know and are lying
about idiot. Face it, you were owned in this thread too, proving you
have no skills and are just a pirate/thief.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: win32.pinfi




You're the one backpedaling, my full description of the incident was
made public last week - you're making yourself look like the fool you
are Chris.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)
