Fixing W32.Pinfi On Our Network

This was perhaps the most satisfying thing I have done while at MICA.

Let me give some background.  Prior to working at MICA I believed one could live without a virus scanner.  I had managed to evade virii all through college, and then continue to evade them by not clicking on the attachments in my email that were clearly virii.  Upon arrival to MICA my machine became so hosed with this W32.Pinfi virus that I needed to reformat it.  I got infected by our department file shares.  Since then I have found it prudent to use a virus scanner.

Now, 2 years later, I have finally found the source of this virus which has been infecting our public website, PeopleSoft Application Servers, and file shares for years.

I ended up finding this when we reformatted one of the frequently infected machines.  Within a day of the machine being back on the network it was completely reinfected with the virus.  I found in the Windows event log the login audit for the machine responsible for reinfecting our servers, and took it offline.
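The approach described above, correlating a server's reinfection with the logon audit entries that preceded it, can be automated. The following script is an added example, not code from the original post: it reads a constructed pipe-delimited export of security-log entries (the format and every host name, account and address in it are made up for the demonstration), keeps only successful network logons (type 3, which is what an SMB share connection produces; event ID 540 on Windows 2000/2003, 4624 on Vista/2008 and later) inside a window before the reinfection was noticed, and ranks the source workstations by how often they connected.

```python
"""Rank the workstations that made network logons to a server shortly before it was reinfected."""
from collections import Counter
from datetime import datetime, timedelta

# Successful-logon event IDs: 540 on Windows 2000/2003 ("Successful Network Logon"),
# 4624 on Vista/2008 and later ("An account was successfully logged on").
LOGON_EVENT_IDS = {540, 4624}
# Logon type 3 is a network logon, i.e. a client connecting to a file share.
NETWORK_LOGON_TYPE = 3

# Constructed sample export (not real logs). Field order is an assumption of this example:
# time|event_id|account|logon_type|source_workstation|source_ip
SAMPLE_EXPORT = """\
2009-04-28 08:01:10|4624|alice|3|WS-LIB-02|10.1.2.15
2009-04-28 08:03:44|4624|svc-backup|5|-|-
2009-04-28 08:10:02|4624|bob|3|WS-ADMIN-07|10.1.3.40
2009-04-28 08:11:30|4624|bob|3|WS-ADMIN-07|10.1.3.40
2009-04-28 08:12:05|4624|bob|3|WS-ADMIN-07|10.1.3.40
2009-04-28 09:30:00|4634|alice|3|WS-LIB-02|10.1.2.15
2009-04-28 10:15:21|4624|carol|2|-|-
2009-04-28 11:00:00|4624|bob|3|WS-ADMIN-07|10.1.3.40
2009-04-29 07:45:00|4624|dave|3|WS-HR-01|10.1.4.9
"""


def parse_export(text):
    """Turn the pipe-delimited export into a list of event dictionaries."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, logon_type, workstation, ip = line.split("|")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "event_id": int(event_id),
            "account": account,
            "logon_type": int(logon_type),
            "workstation": workstation,
            "ip": ip,
        })
    return events


def network_logons_before(events, detected_at, window_hours=24):
    """Successful network logons in the window ending at the time reinfection was noticed."""
    start = detected_at - timedelta(hours=window_hours)
    return [
        e for e in events
        if e["event_id"] in LOGON_EVENT_IDS
        and e["logon_type"] == NETWORK_LOGON_TYPE
        and start <= e["time"] <= detected_at
    ]


def rank_sources(events, detected_at, window_hours=24):
    """Count network logons per (workstation, ip) pair, most frequent first."""
    counts = Counter()
    for e in network_logons_before(events, detected_at, window_hours):
        counts[(e["workstation"], e["ip"])] += 1
    return counts.most_common()


def suspects(export_text, detected_at_str, window_hours=24):
    """Convenience wrapper: export text plus a 'YYYY-MM-DD HH:MM:SS' detection time."""
    detected_at = datetime.strptime(detected_at_str, "%Y-%m-%d %H:%M:%S")
    return rank_sources(parse_export(export_text), detected_at, window_hours)


if __name__ == "__main__":
    for (workstation, ip), count in suspects(SAMPLE_EXPORT, "2009-04-28 12:00:00"):
        print(f"{workstation:12} {ip:15} {count} network logon(s)")
```

The ranking is a lead, not proof: the workstation in the logon event is the one that authenticated to the share, so the top entry is the machine to pull off the network and scan first, and the candidate is confirmed only when an on-disk scan of that machine finds the infected executables.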

Coincidentally, this machine was also a backdoor into our network.  I insisted it be disabled, since people could use our VPN, the legitimate way to get onto our network.

April 29, 2009 • Posted in: Technology