Vlk,
Maybe I can make up for it?
Upon executing a file infected with W32.Pinfi, the virus will perform the following:
1. Adds the registry value:
PINF
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
2. Appends itself to Explorer.exe to remain memory-resident.
3. Appends itself to all the .EXE and .SCR files that it finds on all the local and mapped drives. The virus contains an algorithm to slow the infection, so the virus will only infect a few files at a time.
4. W32.Pinfi will create a tempfile in the temporary folder. It will get the temporary folder by using a Windows API. The tempfile this virus creates will always have the following name:
[3 random letters][4 random hexadecimal digits].tmp
The file it creates is a UPX packed executable file. The temporary file will be executed by the virus, and it is this file that will attempt to infect files over network shares.
Forgive Oh Great Moderator!!