Thursday, March 15, 2007

PFW.pif virus or worm or trojan pfw.exe

PFW.pif was a hidden file I first saw on a pen drive (also variously called a flash drive, thumb drive or thumbnail drive).

Anyway, the hidden file is labelled as an MS-DOS shortcut, but it is a trojan or worm or virus or whatever.

How does PFW.pif spread?
It comes with an autorun.inf file, also in the root folder of the pen drive.

How do you remove it?

If you have AVG free edition 7.5 installed and have the latest virus definitions, it is more than enough.

I'm not sure about Norton but if it is not updated, I guarantee that it will NOT catch this virus.

Manually remove the virus if you can!

  1. Right-click the pen drive and choose Open (Autoplay will run the virus, so don't double-click)
  2. Delete Pfw.pif and autorun.inf from the pen drive
  3. Press Alt-Ctrl-Del and end PFW.pif
  4. Tools > Folder options > View hidden files
  5. Delete C:\windows\system32\pfw.exe (it's a hidden file)
  6. Registry: go to HKCU > Software > Microsoft > Windows > CurrentVersion > Explorer > MountPoints2 > (crazy names) > Shell
    1. Make a backup of the registry
    2. Delete the Shell subkeys which have Autoplay as the default value (I'll explain this in detail later)
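
Before deleting autorun.inf in step 2, it helps to see what it would have started, without running anything. The script below is an added example, not part of the original post: the sample file contents are constructed (the post does not show the real autorun.inf), and the list of extensions treated as executable is an assumption.

```python
import ntpath
import re

# Extensions Windows runs directly; .pif is the one this post is about.
EXECUTABLE_EXTS = {".pif", ".exe", ".com", ".scr", ".bat", ".cmd", ".vbs"}
# [autorun] keys that name something to start.
LAUNCH_KEY = re.compile(r"(open|shellexecute|shell\\[^\\=]+\\command)", re.I)

# Constructed sample, not copied from a real infected drive.
SAMPLE = """\
stray line before any section
[AutoRun]
; comment
open=pfw.pif
shell\\open\\Command="pfw.pif" /x
icon=folder.ico
shellexecute=readme.txt
[other]
open=ignored.exe
"""


def launch_entries(text):
    """Return [(key, command)] for each launch key in the [autorun] section."""
    # Parsed by hand so stray lines that make configparser raise are skipped.
    entries, in_autorun = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if LAUNCH_KEY.fullmatch(key.strip()):
                entries.append((key.strip().lower(), value.strip()))
    return entries


def target_of(command):
    """The file a launch command would start (its first, maybe quoted, token)."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def suspicious(text):
    """Launch entries whose target has a directly executable extension."""
    found = [(key, target_of(cmd)) for key, cmd in launch_entries(text)]
    return [(k, t) for k, t in found if ntpath.splitext(t)[1].lower() in EXECUTABLE_EXTS]
```

Pass the text of the drive's autorun.inf to `suspicious()`; each pair it returns is a launch key and the file it points at, which is the file to delete alongside autorun.inf.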

