March 4th, 2002 07:40 PM
everytime the wininit.ini file is present in the windows directory, windows will not load(win98). when i delete it, everything works fine, but the wininit.ini file appears everytime i install something. what kind of virus or program could be causing this?? i have norton antivirus corp. edition and a virus scan shows no viruses, do i have to scan from DOS?? how can i scan from DOS? i need this fixed ASAP, as it is my bosses computer and he wants it fixed now.
March 4th, 2002 07:46 PM
Visit http://sysinternals.com/ you can download a utility that shows what processes are using which files -this might point u in the proper direction.
If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
March 4th, 2002 07:48 PM
This is the Bymer worm, check here for the variant that you are infected with.
I've seen the wininit.exe recreate itself at bootup even after supposedly purging proper files.
March 4th, 2002 08:12 PM
no, i dont think that it is the bymer worm. it is not showing any of those symptoms. what would be looking for the wininit.ini file??
March 4th, 2002 08:28 PM
Jeff, there are several viruses that could cause this problem. Nimbda is one and W95.mtx is another. MTX prevents NAV from updating further so that could be why you're running a clean scan.
I just smell virus..
March 4th, 2002 08:34 PM
Well for one the wininit.ini is modified by Nortons to run some of it's rpc's and tsr's. So look in your settings of Norton and the auto-update features of the Live-Update from symantech. Turn the settings off in Norton and then reboot. This may fix it if not contact Symantec support. MS has an issue with this problem in ME. It may affect 98SE as well. See MS:
Originally posted here by jjcampbe
what would be looking for the wininit.ini file??
The problem you describe can occur if a file named wininit.ini is present in the Windows folder. That file indicates that there has been an incomplete installation or removal of an application or system update, and system file changes are pending. The first thing to do when you get this error is restart the computer as it suggests. If there is an uninstall or system update pending, it might complete itself. If the error still occurs, search the hard drive for the presence of the wininit.ini file, then rename it. To do so, restart your computer in Safe Mode. Click Start, then Search, then click For Files or Folders. In the Named box, type wininit.ini. In the Look In box, click Local hard drives, then click Find Now. Right-click on the wininit.ini file, click Rename, type wininit.old, then click OK. Close the Find Files window. Restart the computer in Normal mode. Hope this helps.
The COOKIE TUX lives!!!!
Windows NT crashed,I am the Blue Screen of Death.
No one hears your screams.
March 4th, 2002 09:02 PM
can you run those removal tools from DOS?? can i run a virus scan from DOS, or savemode and how?? if i just reinstall norton will that be able to find it?? it doesnt let me scan a computer from savemode, how can i do it?
March 4th, 2002 09:23 PM
Go to those links I provided and follow their directions. That will tell what to look for within the registery and give you removal directions.
March 4th, 2002 09:40 PM
there is nothing in the registry. i have checked it 100 times. i did everything it said to remove the goner virus, i think that something else is screwd up becuase of it. anyone have any ideas???
March 4th, 2002 09:45 PM
Now you tell us you had the goner virus on there...
If such a process is found, the worm will delete the executable file and all files contained within the same folder and subfolders where the given file resides. If the files are in use and cannot be deleted, the file %SYSTEM%\Wininit.ini is created, and is used to delete the files when the computer restarts.
Click here for info on Goner..sounds like you have some cleanup to do still.