program stalls on scan of "winint" not responding

  • Thread starter Thread starter Wes
  • Start date Start date
W

Wes

Hello,
Hope somebody might be able to help.
looks like the machine i am working on is infected with
ibis toolbar. Have tried everthing whi is how I found
Microsoft AntiSpy but I am having a problem with. When I
run a full deep scan in "safe mode" or under normal
opperation Antyspy seems to stall when ever it gets
to "wininit" and then becomes unresponsive all together.
Any Ideas would be much appreciated! No Joke!!! help lol;)
Thanks
 
p.s..... even with admin rights i am getting "access
denied" basically won't let me view or change make any
changes in wininit, win.ini ect also won't allow me to
delete refernece to IBIS "wintools..." in the registry.
Was hoping MSAS would be able to solve this problem but i
get get it to complete a scan..
 
p.s..... even with admin rights i am getting "access
denied" basically won't let me view or change make any
changes in wininit, win.ini ect also won't allow me to
delete refernece to IBIS "wintools..." in the registry.
Was hoping MSAS would be able to solve this problem but i
get get it to complete a scan..
Click to expand...

Maybe this will help http://www.iamnotageek.com/a/370-p1.php
 
Hi Wes,

Can you search for the wininit.ini file in the Windows
Folder and then right click the file and open it with
notepad. Im curious what the text contains,If it has
anything like this below post the full contents back :

`[Rename]
`NUL=C:\DOCUME~1\USER\LOCALS~1\Temp\ginstall.dll
`NUL=

This would enable malware if thats who created it to
reinstall every time you reboot even before you log in.

If you have recently installed other programs then this
could explain why the wininit.ini file exists because
really if you are not installing anything the file should
be empty,Its only use is when files that are installing
need to overwrite files that are running on your system
so it writes the info to the wininit.ini file so that it
finishes when you reboot.

The using of the .ini file is temporary by programs, who
install and might not finish the install due to using
dlls by windows.when you are not installing anything, you
can do nothing wrong when you delete this file. any
program that might need it, will create it.

First check the wininit.ini file for any signs of it
being replaced or damaged & post back the contents if
needed



For IBIS run a full scan in safe mode by rebooting and
keep tapping F8 then choose safemode from the list. Also
use this fixtool by Symantecs and checking Add/Remove
screen if you have any problems.

Download this fixtool by symantec for this

http://securityresponse.symantec.com/avcenter/FxWebsch.exe


Save to desktop, run the fix tool in safe mode

First Check Add/remove screen for these and remove if
found:

TS Toolbar
Toolbar
WinTools
WebOffer
Websearch
WebSearch Toolbar
Win-Tools Easy Installer

Let us know if you have any problems

Regards Andy
 
Back
Top