Anyway the hidden file is labelled as an MSDOS shortcut but it is a trojan or worm or virus or whatever.
How does PFW .pif spread ?
It has an autorun.inf file also in the root folder of the pen drive.
How do you remove it ...
If you have AVG free edition 7.5 installed and have the latest virus definitions, it is more than enough.
I'm not sure about Norton but if it is not updated, I guarantee that it will NOT catch this virus.
Manually remove the virus if you can !
Follow these steps
- Press Ctrl-Alt-Del . Task Manager opens. Choose Processes. Select PFW.exe . And click End Task
- Right click and Open Pen Drive (Autoplay will run the virus - Don't double click)
- Delete Pfw.pif and autorun.inf from the pen drive
- In My Computer, click Tools> Folder options> View - Show hidden and system files
- Delete C:\windows\system32\pfw.exe (it's a hidden file)
- Registry (Type regedit in Start >Run) Go to > HKCU>Sofrware>Microsoft>Windows>Current version>Explorer>Mountpoints2>(crazy names)
- Make backup of registry (right click Mount Points 2 and export file)
- Delete the names in mountpionts2 which are just a string of letters and numbers (not all of them are harmful, but this is easier) Don't delete C, D,E etc
- All finished. pfw.pif / pfw.exe is gone from your computer. Delete the virus from all the pen drives.
- Or to be careful , delete only the subkeys Shell which have Autoplay as default value (I'll explain this in detail later)
- http://www.johndasfundas.blogspot.com
No comments:
Post a Comment