Hi.  I am a Norton Security Suite customer via Comcast.

Whenever I start my computer in Windows 7, I get the alert from Norton stating the following: Norton Security Suite – Action Required – Norton Security Suite has detected threats that need your attention. Threat Details – Risk High, Title: W32.Pinfi Remove Failed Access Denied – Status: Remove Failed, Action: Rescan*.  I then hit OK, to rescan.  After rescan, the Status again states Remove Failed.  So, I use the arrow key next to rescan to change the option to Get Help and select OK. 

At this point, two things happen: (1) I get taken to a Norton web page that gives me instructions on how to remove a virus, and (2) The Norton warning page changes to state “All detected security risks have been resolved.  Risk: blank, Title: There are no items that require attention, Status: blank, Action: Blank.  (But, whenever I start Windows 7, I still get the warning message regarding the Win32.Pinfi virus.)

The website I get taken to is the following: http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2003-011708-2030-99 .

The removal instructions from the above web page is:

1. Disable System Restore.
2. Update the virus definitions.
3. Restart the computer in Safe mode (Windows 95/98/Me/2000/XP) of VGA mode (Windows NT).
4. Run a full system scan and repair all the files detected as W32.Pinfi.
5. Reverse the value that the virus added to the registry.

I follow these instructions.  However, when I run a full system scan in Safe mode, Norton does not detect W32.Pinfi.  The instruction (#5) instructs me to do the following:

1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit, and then click OK. (The Registry Editor opens.)
3. Navigate to the key: 
   
   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

1. In the right pane, delete the value: PINF
2. Exit the Registry Editor.

However, there is no value PINF at this location.  I searched all of Registry Editor for the value PINF and it does not exist.

When I go to Norton Security History after I open Windows normally and I get the error message, get sent to the webpage, get the “All detected security risks have been resolved” message, I get the following information: Norton Security Suite, Security History, Severity: High, Activity: W32.Pinfi detected by Auto-Protect, Status: Attention Required, Date & Time: 3/31/2010 9:08:40 AM.  Alert Details – Risk Name W32.Pinfi, Risk Category: Virus, Severity: High (one red dot), Component: Auto-Protect, Risk Status: Removal Failed (access denied), Recommended Action: Remove This Security Risk Now.

I have run Windows Defender and Windows OneCare Safety Scan (http://onecare.live.com/site/en-us/center/howsafe.htm) and they do not detect the Win32.Pinfi virus.

What can I do to get rid of this virus?  When I go to Norton Online Chat, they tell me all they can do is charge me $99 to have my PC cleaned by experts.  However, I don’t think I should have to pay $99 to get your software to work.  Y

Please help.  Thanks.

Hello!

Congratulations about the Pinfi infection (just kidding) . Pinfi (also known as Parite) is serious file infector polymorphic threat . Most of the times it is not possible to repair the infected by the virus files because it has infected files that belong to the operating system and these are files in use .

The best practise here is to scan your computer from non-Windows environment . This means you should boot your computer not from the hard drive (from the partion with that Windows0 but from an external drive such as CD/DVD or bootable flash.

I am not sure if you can use the Norton bootbale recovery tool because you use the Comcast version.

You can also try the DrWeb Live CD

http://www.freedrweb.com/livecd/?lng=en

ftp://ftp.drweb.com/pub/drweb/livecd/minDrWebLiveCD-5.0.2.iso

You download this , have a new CD (empty one) and burn this using Windows 7's built-in option (right click the file). Then boot from the disk and perform scan and clean.

Hopefully someone else could post information if you can use the bootable recovery tool.

Well, I got this fixed.  For anyone else out there having the same problem, here's my advice:

1.  Don't waste your time going to Norton for support.  The only support they offer is with installation.  If their software doesn't work, they will only help you after you pay $99.

2.  Uninstall Norton and then reinstall Norton (or another virus software that offers support).

The problem was that Norton was giving an inaccurate message.  Once it was reinstalled, the virus message went away.

For more complete information, see http://www.bleepingcomputer.com/forums/index.php?showtopic=307050&st=0&gopid=1704613&#entry1704613 

---

carsokk wrote:

Well, I got this fixed.  For anyone else out there having the same problem, here's my advice:

 

1.  Don't waste your time going to Norton for support.  The only support they offer is with installation.  If their software doesn't work, they will only help you after you pay $99.

2.  Uninstall Norton and then reinstall Norton (or another virus software that offers support).

 

The problem was that Norton was giving an inaccurate message.  Once it was reinstalled, the virus message went away.

 

For more complete information, see http://www.bleepingcomputer.com/forums/index.php?showtopic=307050&st=0&gopid=1704613&#entry1704613 

---

I'm sorry about your bad experience with Norton support but now that you know about these Forums do please come back if you have a problem, or advice to give. The support here is absolutely first class both from users and from Symantec Staff (names in red).

Norton does have a procedure for submitting files if you think you are getting a false positive but if I understand your comment about "an inaccurate message" you mean that the advice in the Norton document was not correct? If that is so perhaps you could confirm and we'll see what Norton can do to update the document -- they do do this based on user reports.

My experience with Norton regarding this was:

1.  As it turned out, the Norton Software informed me that I had a virus I didn't have.

2.  Online chat support is a waste of time.  They only offer support for installation.  It seems like their whole purpose is to upsell you to a $99 service to diagnose your issue.

3.  I followed the steps to get rid of the W32.Pinfi virus that is provided online , but it did not work....probably because there was no virus to delete.

4. I tried to email Norton, but the email form does not work.  I submitted the email and the screen indicated it was "working".  I went to bed and it was still "working" in the morning.

5. I found nothing online to submit a problem anywhere else.

I am a Norton customer because it was provided by Comcast.  I miss my McAfee software that Comcast used to provide.  It worked and McAfee provides support.

Hello carsokk

Before you installed CNSS, did you use the McAfee removal tool to remove your prior security program? When you were told you had the virus, did it mention what file had the virus?