Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis automated log analyzer! Submit a log and you will receive ALL the information we have in our DB's on everything on your system INSTANTLY!

pilif.exe


Click here to scan for pilif.exe Related Errors and Optimize PC performance

pilif.exe
What is it?
pilif.exe is a file associated with the w32.Fili@mm worm.

What does it do?
W32.Fili@mm is a generic Visual Basic worm that propagates via Microsoft Outlook and through peer-to-peer file-sharing networks. It can also spread via mIRC.

When W32.Fili@mm runs, it performs the following actions:
  1. Copies itself to %System%pilif.exe.

    Note: %System% is a variable that refers to the System folder. By default, this is C:WindowsSystem (Windows 95/98/Me), C:WinntSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).
  2. Adds the value:

    "Pilif" = "%System%pilif.exe"

    to the registry key:

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun

    so that the worm runs when Windows starts.
  3. Creates the following files:
    • %System%adrbook
    • mIRC folderManifesto Anti Censore Pilif.txt.exe
  4. Searches for KaZaA, Morpheus, eDonkey, Grokster, limewire, ICQ, and WinMX-shared directories and copies itself as:
    • Norton 2004 crack
    • Kasperky AV Universal Key
    • Dark Coderz Alliance
    • Anti-hacker Utility
    • Cracks mega warez collection
    • Sex - totally free porn
    • Easy credit card validation
    • Yahoo hacker
    • Webmail official hacker
    • Free porn sites accounts
  5. Adds the value:
"DisableTaskMgr" = "00000001"

To the registry key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
PoliciesSystem

to disable the task manager.

More info and removal instructions
@symantec

Fix pilif.exe Errors: Free Scan

Recommended: Free PC Speed Test - what is slowing down your PC?


pilif.exe is Spyware!

Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Startup DB Entries: