Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: NONE
Payload:
Detection files published: 18 Oct 2001 03:00:00
Description created: 12 Mar 2003 04:16:00
Description updated: 12 Mar 2003 04:16:00
Malware type: VIRUS
Alias: Win32.Parite.b, W32/Pate.b, PE_PARITE.B
Spreading mechanism: FILE_INFECTION, NETWORK
Summary: None

W32/Pinfi.A

Spreading

When a Pinfi-infected file is run, the virus creates a file in the TEMP folder. This file has a semi-random name with a *.TMP extension, and the virus calls this file to start the main infection routine.

The temp file is not a regular executable program. It is a library of functions, a so-called DLL. This DLL attaches itself to the Explorer process in memory in order to remain memory resident. No viral process will be visible in the task list.

The virus looks for *.exe and *.scr files on the local computer and on shared network drives to infect.

The virus will also add a registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer PINF = (path to temp file)
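
The traces described above (the PINF registry entry, a *.TMP file in TEMP that is really a DLL, and that DLL being loaded into Explorer) can be checked together on a suspect machine. The PowerShell below is an added triage example, not part of the original description or any vendor tool. It assumes PINF may be either a value under the Explorer key or a subkey whose default value holds the path, since the entry above does not make the layout explicit. The function names are hypothetical.

```powershell
# Added triage example; not from the original advisory.
# Assumption: "PINF" is either a value under the Explorer key or a subkey
# whose default value holds the path. Both layouts are checked.
$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'

function Get-PinfPath {
    $candidates = @()
    $item = Get-ItemProperty -Path $explorerKey -Name 'PINF' -ErrorAction SilentlyContinue
    if ($item) { $candidates += $item.PINF }
    $sub = Join-Path $explorerKey 'PINF'
    if (Test-Path $sub) { $candidates += (Get-Item $sub).GetValue('') }  # subkey default value
    # Only string data can be treated as a path; other data types are skipped.
    $candidates | Where-Object { $_ -is [string] -and $_ }
}

function Test-MzHeader([string]$Path) {
    # A DLL is a PE image, so it starts with "MZ" whatever its extension says.
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        $buf = New-Object byte[] 2
        return ($fs.Read($buf, 0, 2) -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
    } finally { $fs.Dispose() }
}

$paths = @(Get-PinfPath)
if (-not $paths) { 'No PINF entry found under the Explorer key.'; return }

foreach ($p in $paths) {
    $exists = Test-Path -LiteralPath $p -PathType Leaf
    [pscustomobject]@{
        PinfPath         = $p
        FileExists       = $exists
        TmpExtension     = [IO.Path]::GetExtension($p) -ieq '.tmp'
        UnderTemp        = $p.StartsWith($env:TEMP, [StringComparison]::OrdinalIgnoreCase)
        IsPeImage        = $exists -and (Test-MzHeader $p)
        # The DLL stays resident inside Explorer, so look at its loaded modules.
        LoadedInExplorer = [bool](Get-Process -Name explorer -ErrorAction SilentlyContinue |
                               ForEach-Object { $_.Modules } |
                               Where-Object { $_.FileName -ieq $p })
    }
}
```

Run it in the affected user's session, because the entry lives in HKCU. A row with IsPeImage and LoadedInExplorer both true matches the behaviour described above.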



Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:11