Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer


HijackThis automated log analyzer! Submit a log and you will receive ALL the information we have in our DB's on everything on your system INSTANTLY!


Click here to scan for pilif.exe Related Errors and Optimize PC performance

What is it?
pilif.exe is a file associated with the w32.Fili@mm worm.

What does it do?
W32.Fili@mm is a generic Visual Basic worm that propagates via Microsoft Outlook and through peer-to-peer file-sharing networks. It can also spread via mIRC.

When W32.Fili@mm runs, it performs the following actions:
  1. Copies itself to %System%pilif.exe.

    Note: %System% is a variable that refers to the System folder. By default, this is C:WindowsSystem (Windows 95/98/Me), C:WinntSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).
  2. Adds the value:

    "Pilif" = "%System%pilif.exe"

    to the registry key:


    so that the worm runs when Windows starts.
  3. Creates the following files:
    • %System%adrbook
    • mIRC folderManifesto Anti Censore Pilif.txt.exe
  4. Searches for KaZaA, Morpheus, eDonkey, Grokster, limewire, ICQ, and WinMX-shared directories and copies itself as:
    • Norton 2004 crack
    • Kasperky AV Universal Key
    • Dark Coderz Alliance
    • Anti-hacker Utility
    • Cracks mega warez collection
    • Sex - totally free porn
    • Easy credit card validation
    • Yahoo hacker
    • Webmail official hacker
    • Free porn sites accounts
  5. Adds the value:
"DisableTaskMgr" = "00000001"

To the registry key:

to disable the task manager.

More info and removal instructions

Fix pilif.exe Errors: Free Scan

Recommended: Free PC Speed Test - what is slowing down your PC?

pilif.exe is Spyware!

Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Startup DB Entries: