Virus - Pipex.4.W.

  floydking 19:01 24 Apr 04

I keep getting a computer virus that AVG tells me is called Pipex.4.W. I went to their virus encyclopaedia following two 'attacks' from the little swine, but surprisingly it didn't contain any information. This isn't a pseudonym for 'Netsky' is it? It's the 'W' that makes me think that it may be.

  ade.h 00:30 25 Apr 04

Nothing shows up in Google.

When you say you keep getting it, do you mean AVG removes it and then it comes back?

Do you use Pipex broadband? If so, it might be a normal install file. Possibly. Check their FAQs to be sure.

If it is a genuine virus, make sure System Restore is disabled before trying to remove it again. That'll be where it's hiding.

  floydking 01:33 25 Apr 04

AVG tells me that it's there and that it will 'capture' it. Initially it failed to even capture it, but since downloading the latest AVG updates (which I do regularly - try for one twice a day!), it quarantines the virus without any trouble. I have even found the virus myself and watched it vanish from the relevant page - what a lovely experience that is!
I don't use Pipex broadband, but NTL.
It inevitably hides in System restore and fascinatingly keeps evolving itself. Initially it would simply have its code printed on the relevant file. It then changed into a barcode icon and called itself 'flash' something. The last couple of times it has used a correct file name, but pluralised it, and the last time it added a 'c' to the end of a file name so that it appeared as a logical looking 'sc'.
When I used to delete it myself, I did use to reboot, which someone advised me to do from this forum. Now it is quarantined I can't see that there is any point in rebooting, but still I hear a 'heart sinking' thud over the music I invariably have playing, only to find AVG's 'placard' telling me that it has taken up residence once again, and so it goes on! It is described as a Trojan which is a bit of a nuisance as this obviously opens the door more easily to other little niceties!

  floydking 08:28 25 Apr 04

I have just logged back on to find the AVG placard facing me again, telling me that I had Pipex.4.W on board and that it duly 'arrested' it during its scheduled run at 7 a.m. This time it called itself Upto.exe and was in system 32 once again. Upto no good I would say. Please if anyone else is experiencing anything like this would they let me know? This is becoming a very strange bore.

  floydking 09:33 25 Apr 04

It has just been back again! Still in the guise of Upto.exe. Once again, just a couple of hours later. I allowed AVG to quarantine it again. Will keep reporting for the 'good' of us all.

  floydking 09:43 25 Apr 04

Another strange thing is that I have tried both the msconfig and the Task Manager routes, both to no avail, as the thing doesn't even appear on either. I also run 'Wintasks Pro'.

  mikef. 11:21 25 Apr 04

Sounds like it's in system restore if it keeps finding it, you will have to disable system restore, rescan, reboot and re-enable system restore in that order. You will lose all your restore points but if it is there it is the only way.

  floydking 12:42 25 Apr 04

Thanks mikef. But so long as it isn't 'serious' I am finding it rather interesting. I wasn't aware that you had replied as I haven't looked at my mail for a while.
I returned to say that it had come back again, but this time as mspack.exe.
If anyone out there with more knowledge than I have advises me to rid myself of it I will do immediately in the way that you suggest, but until then 'in the interests of science.........' Do you think it's too risky to continue to watch it?
At least I'm not on dial up, otherwise I would take it off immediately. This has happened to me while I was on dial up and I was stung for 40 quid. Having reported it to ICSTIS along with many other people apparently, they banned the firm concerned for a time and fined them £50,000. So those of us who complained effectively helped to contribute 50 grand to ICSTIS who gave us the advice to sue a firm in Spain - which seemed a little bit pointless, as we would have been attempting to sue a professional criminal overseas! Maybe another string should be started on this.

  floydking 14:40 25 Apr 04

In case anyone else should be experiencing this I have just had another look in AVG's virus vault and these are just the most recent pseudonyms this thing uses:
FLASHUP.EXE (appears as though it were a bar code)
MSPOOL.EXE
MSVCHOST.EXE
MSMSS.EXE
SSPOOL.EXE
MSPLAYER.EXE
SYSTEMM.EXE
SVCHOSTS.EXE (TWICE)
CRSC.EXE
UP1.EXE
UP2.EXE
MSPACK.EXE
As you can see with its similarity to 'genuine' programs this thing has a sense of humour. Very odd that no-one else seems to be getting (had) it. Floyd.

  floydking 14:40 25 Apr 04

In case anyone else should be experiencing this I have just had another look in AVG's virus vault and these are just the most recent pseudonyms this thing uses:
FLASHUP.EXE (appears as though it were a bar code)
MSPOOL.EXE
MSVCHOST.EXE
MSMSS.EXE
SSPOOL.EXE
MSPLAYER.EXE
SYSTEMM.EXE
SVCHOSTS.EXE (TWICE)
CRSC.EXE
UP1.EXE
UP2.EXE
MSPACK.EXE
As you can see with its similarity to 'genuine' programs this thing has a sense of humour. Very odd that no-one else seems to be getting (had) it. Floyd.
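
The following is an added example, not part of the original post or of AVG: it checks the file names listed above against a short reference list of genuine Windows executable names and flags those that are one or two character edits away. The reference list `KNOWN_GOOD` and the threshold of 2 are assumptions made for illustration.

```python
"""Flag executable names that are near-misses of well-known Windows binaries."""

# Assumption: a small, constructed reference list of genuine Windows
# executable/process base names; build a fuller one from a known-clean system.
KNOWN_GOOD = ["svchost", "spoolsv", "csrss", "smss", "lsass",
              "services", "winlogon", "explorer", "system", "wmplayer"]

# File names exactly as listed in the post above (virus vault entries).
VAULT_NAMES = ["FLASHUP.EXE", "MSPOOL.EXE", "MSVCHOST.EXE", "MSMSS.EXE",
               "SSPOOL.EXE", "MSPLAYER.EXE", "SYSTEMM.EXE", "SVCHOSTS.EXE",
               "CRSC.EXE", "UP1.EXE", "UP2.EXE", "MSPACK.EXE"]


def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def base_name(filename):
    """Lower-case the name and drop a trailing .exe."""
    name = filename.lower()
    return name[:-4] if name.endswith(".exe") else name


def find_lookalikes(filenames, known_good=KNOWN_GOOD, max_distance=2):
    """Return {filename: (closest genuine name, distance)} for near-misses.

    Distance 0 (an exact name match) is not flagged here; a genuine name in
    an unexpected directory needs a separate path check.
    """
    flagged = {}
    for filename in filenames:
        base = base_name(filename)
        best = min(known_good, key=lambda good: edit_distance(base, good))
        dist = edit_distance(base, best)
        if 1 <= dist <= max_distance:
            flagged[filename] = (best, dist)
    return flagged


if __name__ == "__main__":
    for name, (good, dist) in find_lookalikes(VAULT_NAMES).items():
        print(f"{name}: resembles {good}.exe (edit distance {dist})")
```

Names with no close match in the reference list, such as UP1.EXE or MSPACK.EXE, are not caught by this check and need other signals (file location, signature, creation time).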

  floydking 14:41 25 Apr 04

Sorry about the finger twitching repetition!
