Financial Daily from THE HINDU group of publications
Monday, May 09, 2005


eWorld - Computer Usage
Columns - Tip Off


Virus intrusion

I am facing a problem with a malicious script and a file, both dropping in whenever I am online. The problem begins with intermittent arrival of an incoming infected file by name either rss.exe or ras.exe or rax.exe, which gets deposited into the root of my C:/ Drive. Norton AV 2002 immediately springs into action, alerting me of a virus, identifying the intruder file as having W32.Pinfi virus. It repairs the file.

This is followed by Internet Explorer trying to open a page with C:/trufkz.html as address. A Security warning with Verisign popup comes up. I close both the items and delete the offending files from my hdd. This whole process goes on for a number of times.

I have tried running Ad-aware SE as well as Spy Sweeper but with no successful detection. Luckily NAV is able to identify and repair the infection. But this is no solution. How can I stop the intruder from getting into my PC in the first place? I am using a Celeron 1.2G, 40Gb HDD system with 128 MB RAM, running Windows 2000. Please suggest a solution.

Biren Gupta

Please ensure that you have installed Windows 2000 Service Pack 4, which has all the latest updates and patches. If you have not installed it, you can get it from this URL: http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp

Next, check that your NAV is up-to-date (otherwise you'll have to run a Live Update) and that 'Real time protection' is enabled for your Norton Antivirus. You can right-click on the NAV icon in the task bar to see if the 'Enable Real time protection' is ticked. Otherwise, please double-click on the NAV icon and enable real time protection.

Next, restart the system in safe mode, and run a complete scan of the system. Additionally, you will also need to remove an entry in the registry as recommended by Symantec. To do this, click on Start -> Run and type in "regedit" and press enter. Click on file -> Export, type in a file name, and save the registry in a location. Next navigate to the following location in the registry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

In the right panel, delete the value "PINF", close the registry and restart the system.

Regarding the Adware scan, the Ad-aware SE is also like your NAV. It needs to be updated regularly so that it has the latest database of adware and spyware. Hence please update your Ad-aware or any other anti-spyware tool you have, and then scan the system, preferably in safe mode.

Please e-mail us at eworld@thehindu.co.in if you have queries on computer usage or if you find an interesting way of using a computer.

Solution by G. Rajah
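An added example, not part of the original column or of Symantec's instructions: a Python check that reads the text of a regedit export (the backup step above) and reports whether the "PINF" value is present under the Explorer key, which is useful for confirming the cleanup before and after. The sample export, its data and the function names are constructed for illustration.

```python
import re

# Key and value name as given in the column; registry names compare case-insensitively.
TARGET_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
TARGET_VALUE = "PINF"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample. A real "Version 5.00" export is UTF-16: open(path, encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00,\
  38,08,00,00
"PINF"="constructed-sample-data"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
'''

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: raw_data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # long hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = re.sub(r"\\(.)", r"\1", m.group(1))  # undo \" and \\ escapes
                current[name] = m.group(2)
    return keys

def find_value(keys, key=TARGET_KEY, value=TARGET_VALUE):
    """Return the raw data of `value` directly under `key`, or None if absent."""
    for path, values in keys.items():
        if path.lower() == key.lower():
            for name, data in values.items():
                if name.lower() == value.lower():
                    return data
    return None

if __name__ == "__main__":
    hit = find_value(parse_reg(SAMPLE))
    print("PINF value present:" if hit is not None else "PINF value not found", hit or "")
```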


Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line