>Have just disinfected the above virus which replicated all
>*.exe files with the extension *.exe.RB0.
>The files still remain and I should like to know if there is
>a way to delete all from my C drive. (I'm running winXp
>Pro).
You could always use the Search for *exe.RB0 (make sure you search for all files, and go to the Advanced options and tell it to search hidden and system as well) and then when found, select them all in the right pane and delete them.
I see no mention of that behaviour in any of the antivirus writeups. This is all Symantec says about parite (they call it pinfi):
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html
Enter parite in the search field and you'll find information about the virus, its DLL, and the dropper.
http://www.trendmicro.com/vinfo/virusencyclo/
>Also a message said that certain windows files had changed
>and asked me to insert disc for SP1 but as I downloaded said
>file from Microsoft site how can I 'enable' it.
>Thanx
>E
I don't know the answer to that one, as SFC doesn't give you a way to choose a path for the installation sources. I would have thought it would know to go to the ServicePackFiles directory for those files. You could probably just ignore that message for now, or try reinstalling SP1 (and then any updates you've done since then) if it will let you. I wish SFC had a better interface that tells you WHAT files, and allows you to choose a location. But alas, it's not designed for that. The Windows 98 SFC program was quite useful, back in the day.
What's probably happened is that disinfecting changed the size of some of the files, and/or the checksum is different. The files could be OK, or some of them might be slightly corrupted. Removing viruses from files doesn't always leave them intact.
This can be a tricky virus... it's a polymorphic file infector (exe and scr) and could still be somewhere in the nooks and crannies. I have seen pinfi show up in one scan, not show up in a subsequent one, then show up again.

What I'd probably do here, especially seeing as this infection was catastrophic, is get your personal files backed up and wipe that system and start over. It may not be necessary to do that, as it doesn't even have an intentional destructive payload (it exists solely to infect) so it's up to you to decide. Maybe try to save your installation, fix any corrupted files, but if you're going to have difficulties due to corrupted files that you can't fix, don't waste time. See how it goes.

Grogan
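The search-and-delete step from the reply above, written as a script. This is an added example, not part of the original post; it assumes a Python interpreter is available on the machine, and the function names are hypothetical. It lists every `*.exe.RB0` file (hidden and system files included), notes whether the matching `.exe` sits beside it, and deletes nothing until asked to.

```python
import os
import stat

SUFFIX = ".exe.rb0"  # leftover extension named in the question, matched case-insensitively


def find_leftovers(root):
    """Return a sorted list of (path, original_exists) for every *.exe.RB0 under root."""
    found = []
    # os.walk also returns hidden and system files; unreadable folders are skipped.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower().endswith(SUFFIX):
                path = os.path.join(dirpath, name)
                original = path[:-len(".rb0")]  # drop the added extension -> foo.exe
                found.append((path, os.path.isfile(original)))
    return sorted(found)


def delete_leftovers(root, dry_run=True):
    """Delete the leftovers; with dry_run=True nothing is touched."""
    removed, failed = [], []
    if dry_run:
        return removed, failed
    for path, _has_original in find_leftovers(root):
        try:
            os.chmod(path, stat.S_IWRITE)  # clear read-only so the delete succeeds on Windows
            os.remove(path)
            removed.append(path)
        except OSError as exc:  # file in use, access denied, already gone
            failed.append((path, str(exc)))
    return removed, failed


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for path, has_original in find_leftovers(root):
        note = "(original .exe present)" if has_original else "(no .exe beside it)"
        print(path, note)
    # Review the list first, then call delete_leftovers(root, dry_run=False).
```

Run it once to review the list, then call `delete_leftovers(root, dry_run=False)`; anything it could not remove comes back in the second list with the reason.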