From: Andy Walker on
David H. Lipman wrote:

>What OS are you referring to because NT based OS' don't use INI files.
>Everything is pretty much stored in the Registry and evaluated there.
>
>Since this was x-posted to a WinXP group, the answer is NEVER.

Not true, Dave. XP still uses INI files.

boot.ini
win.ini
system.ini

to name a few...
From: David H. Lipman on
From: "Andy Walker" <awalker(a)nspank.invalid>

| David H. Lipman wrote:

>>What OS are you referring to because NT based OS' don't use INI files.
>>Everything is pretty much stored in the Registry and evaluated there.

>>Since this was x-posted to a WinXP group, the answer is NEVER.

| Not true, Dave. XP still uses INI files.

| boot.ini
| win.ini
| system.ini

| to name a few...

OK. BOOT.INI is only used to launch the OS or a different OS. It is interpreted before
the WinGUI.

WIN.INI and SYSTEM.INI are NOT really interpreted anymore. They ONLY exist for backwards
compatibility purposes for Win9x/ME, and maybe Win3.1x programs that weren't written to
use a registry.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: JD on
The Real Truth MVP wrote:
> Please David your ignorance and lack of knowledge is showing. You of all
> people should know that malware writes to that key and since the issue
> is there on EVERY boot if it gets deleted when run it gets put back in
> there and you are WRONG about when that key gets read.
>
>

Oh My god..

Don't you have software to fix this? Go away. Nobody needs your help. 8-)

--
JD..
From: Rick on
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:hfmpie02rbv(a)news3.newsguy.com:
>
>| When is wininit.ini processed?
>
>
>
> What OS are you referring to because NT based OS' don't use INI files.
> Everything is pretty much stored in the Registry and evaluated there.
>
> Since this was x-posted to a WinXP group, the answer is NEVER.


Not to be argumentative, but you're saying these folks are incorrect?

http://www.aumha.org/a/loads.php
http://support.microsoft.com/kb/140570

While I don't run into it as much as I used to, I still do find XP systems
that appear to be using wininit.ini for file deletions/renames on occasion.



--
Rick Simon rsimon(a)cris.com

Include "spam(trap)key" somewhere in the
body of any email to avoid spam filters.
From: David H. Lipman on
From: "Rick" <rsimon(a)cris.com>

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
| news:hfmpie02rbv(a)news3.newsguy.com:

>>| When is wininit.ini processed?



>> What OS are you referring to because NT based OS' don't use INI files.
>> Everything is pretty much stored in the Registry and evaluated there.

>> Since this was x-posted to a WinXP group, the answer is NEVER.


| Not to be argumentative, but you're saying these folks are incorrect?

| http://www.aumha.org/a/loads.php
| http://support.microsoft.com/kb/140570

| While I don't run into it as much as I used to, I still do find XP systems
| that appear to be using wininit.ini for file deletions/renames on occasion.


Well the aumha article is for mostly Win9x/ME and the MS KB140570 is more for NT4 and
Win9x/ME and you'll note mention of "Wininit.exe" which is NOT present in WinXP.

So let me modify my NEVER answer to practically NEVER. Interpreting .INI files is an old
construct that was used in Win9x/ME and to a lesser degree in NT v3.5x and NT4 and
thus *may* have some left over functionality in subsequent OS'. However for the most
part, .INI files are no longer interpreted by the OS.

Notice in the aumha article it states...
"In Windows 2000 and XP, the WININIT.INI file, if existing, will be executed. However it
is usually replaced by the "PendingFileRenameOperations" sub-key in the Registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager."

This shows that for backwards compatibility Win2k and WinXP may interpret WININIT.INI but
has been really replaced by Registry functionality.

This will not affect Robin's problem as the message "INFECTION: DOCUMENTS AND
SETTINGS\ROBIN BIGNALL\COOKIES\INDEX.DAT
COULD NOT BE REMOVED. FILE IS NO LONGER EXISTENT" occurs "before the logon screen" and
would not be generated by such a process. This is presumed to be a security tool/utility
in action.




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
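
Added example, not part of any post in this thread: both mechanisms discussed above, the [rename] section of wininit.ini and the PendingFileRenameOperations value under Session Manager, hold a queue of boot-time file deletions and renames, and this Python code parses each so the queue can be reviewed. The function names and all sample data are constructed assumptions; the layouts follow Microsoft's documented `Destination=Source` lines (with `NUL` meaning delete) and REG_MULTI_SZ source/destination string pairs (empty destination meaning delete).

```python
# Added illustration. All sample data is constructed, not taken from a real system.
NT_PREFIX = "\\??\\"   # NT object-manager prefix used on paths in the registry value

def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_wininit(text):
    """Return (action, source, dest) tuples from the [rename] section of wininit.ini."""
    ops, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_rename = line.lower() == "[rename]"
            continue
        if in_rename and "=" in line:
            # Layout is Destination=Source. The key NUL repeats, so a
            # dictionary-style INI parser would silently drop entries.
            dest, src = (p.strip() for p in line.split("=", 1))
            if dest.upper() == "NUL":
                ops.append(("delete", src, None))
            else:
                ops.append(("rename", src, dest))
    return ops

def parse_pending_renames(raw):
    """Decode raw REG_MULTI_SZ bytes (UTF-16LE) into (action, source, dest) tuples."""
    text = raw.decode("utf-16-le")
    # Drop the last string's terminator and the list terminator, if present.
    text = text[:-2] if text.endswith("\0\0") else text.rstrip("\0")
    parts = text.split("\0") if text else []
    if len(parts) % 2:            # trailing delete whose empty destination was trimmed
        parts.append("")
    ops = []
    for src, dst in zip(parts[0::2], parts[1::2]):
        if dst == "":             # empty destination string means delete at boot
            ops.append(("delete", _strip_nt(src), None))
        else:                     # a leading "!" marks replace-if-exists
            ops.append(("rename", _strip_nt(src), _strip_nt(dst.lstrip("!"))))
    return ops

SAMPLE_WININIT = ("[rename]\r\nNUL=C:\\TEMP\\old.dll\r\n"
                  "C:\\WINDOWS\\new.dll=C:\\TEMP\\new.tmp\r\nNUL=C:\\TEMP\\setup.tmp\r\n")
SAMPLE_PFRO = ("\\??\\C:\\TEMP\\old.dll\0\0"
               "\\??\\C:\\TEMP\\new.tmp\0!\\??\\C:\\WINDOWS\\new.dll\0" "\0").encode("utf-16-le")

if __name__ == "__main__":
    for op in parse_wininit(SAMPLE_WININIT) + parse_pending_renames(SAMPLE_PFRO):
        print(op)
```

The embedded empty string is why the registry value is parsed from raw bytes here: a reader that treats the first empty string as the end of the list would stop after the first delete entry.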