Re: Infection messages?

Discussion in 'Virus Information' started by Daave, Nov 23, 2009.

  1. From: "Rick" <>



    | Yes, I'm aware of how .ini files have been used going back through Win3.x.



    | I'm also aware of how wininit.ini is just a hangover and there are other,
    | preferred methods of doing the same thing. According to the aumha article
    | however, even though it is not the preferred method, Win XP will execute
    | the instructions in a wininit.ini file if one is found.



    | And this is where my original question comes in. Just where in the boot
    | process does wininit.ini get processed? Since the aumha article points out
    | that:

    | a) "WININIT.INI is used to complete Windows and program installation steps
    | that cannot be completed while Windows is running"

    | b) "During the boot process, Windows checks to see if there is a
    | WININIT.INI file and, if it finds one, executes its instructions."

    | c) and specifies that Windows XP will execute such a file, if it exists
    | (assumedly to maintain backwards compatibility)


    | I was just curious if anyone happened to know where in the boot process
    | that execution was performed. Whether it was before or after the logon
    | process.


    Rick, I think you have a good point in that if the WININIT.INI file is found by the OS it
    will do a file move/delete function "before the logon screen" which is 100% relevant to
    Robin's problem.

    However, this is a silent function. No screen displays and certainly not "INFECTION:...".

    Since you know this INI file and its directives, maybe you could create a test and see
    what it does.
     
    David H. Lipman, Dec 9, 2009
    #41
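    As an added example (not part of any poster's message), here is a small Python audit of what a WININIT.INI asks Windows to do at boot, which is the kind of test suggested above. The `[rename]` syntax (`destination=source`, with `NUL=source` meaning delete) is the Win9x-era format and is assumed here, since the thread does not spell it out; the sample file and function names are constructed.

```python
# Added example: list the file operations a WININIT.INI requests at boot.
import ntpath

# Constructed sample, not taken from the thread.
SAMPLE = """\
; constructed sample
[rename]
NUL=C:\\WINDOWS\\TEMP\\SETUP.TMP
C:\\WINDOWS\\SYSTEM\\APP.DLL=C:\\WINDOWS\\TEMP\\APP.NEW
nul=C:\\PROGRA~1\\TOOL\\TOOL.EXE

[other]
NUL=C:\\IGNORED.TXT
"""

def parse_wininit(text):
    """Return [(action, source, destination)] from the [rename] section.

    configparser is avoided on purpose: the NUL key repeats, which a
    dict-based parser rejects or collapses into a single entry.
    """
    ops, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if not in_rename or "=" not in line:
            continue
        dest, src = (part.strip() for part in line.split("=", 1))
        if dest.upper() == "NUL":          # assumed syntax: NUL=<file> deletes
            ops.append(("delete", src, None))
        else:                              # assumed syntax: <dest>=<source> moves
            ops.append(("move", src, dest))
    return ops

def flag_executables(ops, exts=(".exe", ".dll", ".sys", ".scr")):
    """Operations that touch executable file types deserve a closer look."""
    def hit(path):
        return path is not None and ntpath.splitext(path)[1].lower() in exts
    return [op for op in ops if hit(op[1]) or hit(op[2])]

if __name__ == "__main__":
    for action, src, dest in parse_wininit(SAMPLE):
        print(action, src, "->", dest)
```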

  2. Daave

    Buffalo Guest

    Robin Bignall wrote:
    [snip]
    Dl and install a free anti-virus program like Avira AntiVir and install it.
    Disable or uninstall your present anti-virus program (A-squared)
    Uninstall your anti-malware programs and install the free version of
    MalwareBytes AntiMalware.
    Use it to scan frequently.
    See if you have the same problem. If not, install each of the programs you
    uninstalled or disabled one at a time to see if you can find out which one
    causes the problem.
    I don't think you ever said you installed and ran the free version of MBAM
    (MalwareBytes Anti-Malware) and the free version of SAS (SuperAntiSpyware).
    If you didn't (this is a damn long thread) please do it.
    Buffalo
     
    Buffalo, Dec 10, 2009
    #42

  3. A² (A-Squared) is an anti-spyware program, not an anti-virus program.
    There should be no conflict with anything, assuming of course you don't
    set full-time scanners in action.

    http://www.emsisoft.com/en/ (pay)
    http://www.emsisoft.com/en/software/free/ (free)
     
    Beauregard T. Shagnasty, Dec 10, 2009
    #43
  4. Daave

    Buffalo Guest

    Right you are. Sorry.
    I now realize that Robin uses Kaspersky.
    Ok, Robin, disable or uninstall Kaspersky and use the free version of Avira
    AntiVir temporarily.
    Since even Lipman can't nail it, please post back on what program is causing
    the message.
    Thanks,
    Buffalo
     
    Buffalo, Dec 10, 2009
    #44
  5. From: "Buffalo" <>

    | Right you are. Sorry.
    | I now realize that Robin uses Kaspersky.
    | Ok, Robin, disable or uninstall Kaspersky and use the free version of Avira
    | AntiVir temporarily.
    | Since even Lipman can't nail it, please post back on what program is causing
    | the message.
    | Thanks,
    | Buffalo

    Robin has already indicated NUMEROUS anti malware scans have been performed with nothing
    being found.

    We do NOT know what security program is generating this message. That is the problem.
     
    David H. Lipman, Dec 10, 2009
    #45
  6. Daave

    Buffalo Guest

    That is why I recommended that he disable or uninstall his anti-virus and
    anti-malware programs and install Avira AntiVir and free MBAM and hopefully
    the free SAS. (I don't think he ever said that he tried them both)
    If the above doesn't change things, then that would indicate a different
    security program causing the problem.
    Buffalo
     
    Buffalo, Dec 10, 2009
    #46
  7. Just to save you reading back in the thread, I have SAS Pro, which is
    not free, and MBAM, which is. I also run ActiveScan 2, which was
    recommended, together with Kaspersky, by AumHa. I don't intend to go
    through the process of uninstalling Kaspersky.
     
    Robin Bignall, Dec 10, 2009
    #47
  8. Daave

    Buffalo Guest

    Robin Bignall wrote:
    [snip]
    OK, missed that point. If you disable Kaspersky and just use the free Avira
    AntiVir and no message comes up, perhaps it is Kaspersky doing it.
    Doesn't really seem like it's worth the trouble overall.
    Buffalo
    PS: If you ever find out what it is, please post back.
     
    Buffalo, Dec 10, 2009
    #48
  9. I certainly will.
     
    Robin Bignall, Dec 10, 2009
    #49
  10. I'm running Avira now.
     
    Robin Bignall, Dec 10, 2009
    #50
  11. And it found nothing.
     
    Robin Bignall, Dec 10, 2009
    #51
  12. Daave

    Buffalo Guest

    Perhaps just let Avira run for several days while Kaspersky is disabled, if
    you wish.
    Buffalo
     
    Buffalo, Dec 10, 2009
    #52
  13. ["infected" messages before logon screen]
    I don't think it'll find anything.
    There appears to be no rhyme or reason behind these messages. For
    example, when I rebooted last night, there were hundreds of these
    messages, in bunches. I can't tell how many are in a bunch, maybe 32
    or 64. A bunch scrolls for about five seconds, there's a two second
    gap, then another bunch scrolls, and so on. Last night there were four
    of these bunches, plus half a screen of bunch five. Tonight when I
    booted there were just two of these messages (not two bunches). I
    booted again and there were none. I've found this behaviour before.
    These messages seem to come and go.

    I just again checked the contents of all files on c: and d:, and the
    registry, for the string "infection", without finding anything
    associated in any way with an executable. Weird.
     
    Robin Bignall, Dec 11, 2009
    #53
  14. Daave

    Buffalo Guest

    I was just suggesting that possibly Kaspersky could be the culprit and
    disabling it and only running Avira to see if the messages stop.
    However, I really doubt Kaspersky would react that way.
    We know 'something' is generating the messages and hopefully there is
    someone in this ng that would have a good suggestion for a program that
    could monitor all the startups.
    Buffalo
    PS: It will be interesting to see what caused it. :)
    And, do you have more than one (1) antivirus program running in real time,
    such as Windows Defender?
     
    Buffalo, Dec 11, 2009
    #54
  15. Do you use "Windows Washer" or some similar program?
     
    FromTheRafters, Dec 12, 2009
    #55
  16. Daave

    Daave Guest

    If you configure a Clean Boot, do you still get these messages?
     
    Daave, Dec 12, 2009
    #56
    Window washer no, mail washer pro yes.


    --
    The Real Truth http://pcbutts1-therealtruth.blogspot.com/
    *WARNING* Do NOT follow any advice given by the people listed below.
    They do NOT have the expertise or knowledge to fix your issue. Do not waste
    your time.
    David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
     
    The Real Truth MVP, Dec 12, 2009
    #57
  18. Daave

    Leythos Guest

    I see you're still stalking myself and others in every post you make -
    shows just how unethical you are.
     
    Leythos, Dec 12, 2009
    #58
  19. No, only what's in IE8 and CCleaner.
     
    Robin Bignall, Dec 12, 2009
    #59
  20. Actually Robin you do have Mail Washer Pro installed unless you've
    uninstalled it in the past few days. It shows up in your log file.







    No, only what's in IE8 and CCleaner.
     
    The Real Truth MVP, Dec 12, 2009
    #60