{"id":27,"date":"2008-12-28T04:18:20","date_gmt":"2008-12-28T11:18:20","guid":{"rendered":"http:\/\/judepereira.com\/blog\/?p=27"},"modified":"2009-05-11T19:42:30","modified_gmt":"2009-05-11T15:42:30","slug":"wininitexe","status":"publish","type":"post","link":"https:\/\/judepereira.com\/blog\/wininitexe\/","title":{"rendered":"wininit.exe"},"content":{"rendered":"<p>How many of you use Windows? Well, it&#8217;s a bad&#8230;&#8230;very bad idea to use it. I was using it lately just to find out that the system had a bunch of trojans! The user had no clue of it. Process: &#8220;wininit.exe&#8221;. If you use Windows Vista, see if you have that app running. It&#8217;s a WOLLF.16. Apparently, wininit.exe is a crucial system file in Vista, that if you try to kill it (which you will succeed), what do you see? A blue screen! Your system has just crashed!<\/p>\n<p>What is &#8220;wininit.exe&#8221; exactly?<br \/>\nIt looks for a file called &#8220;WinInit.INI&#8221;. If it&#8217;s found, it processes the commands found in this file. There is your malware hidden. It&#8217;s very dangerous when a filename crosses between legit, malware, etc.<br \/>\n<img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/judepereira.com\/blog\/postimages\/wininit.jpg\" alt=\"Vista Scanning by NOD32\" \/><br \/>\n<!--more--><br \/>\nSolution:<br \/>\nThe registry needs to be edited to delete this Trojan<\/p>\n<p>1. Click START, RUN<br \/>\n2. Type REGEDIT and hit ENTER key<br \/>\n3. In the left panel, click the &#8220;+&#8221; to the left of the following:<br \/>\n    HKEY_LOCAL_MACHINE<br \/>\n    Software<br \/>\n    Microsoft<br \/>\n    Windows<br \/>\n    CurrentVersion<br \/>\n    Run<br \/>\n4. In the right panel, search for any registry key that contains the data value of bymer.scanner = &#8220;%virus path and filename%&#8221;<br \/>\nWhere %virus path and filename% is the complete path of the Trojan.<br \/>\n5. 
Make a note of the exact path to the virus, then close Regedit.<br \/>\n6. Restart the Computer in MS-DOS Mode.<br \/>\n7. Delete the file name referenced in Step 3 above<br \/>\n8. Reboot the system<br \/>\n9. Following the information in Steps 1 and 2, open Regedit and proceed to the Run line<br \/>\n10. In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry. Exit the registry.<br \/>\n11. Scan your system with an up-to-date antivirus program and clean any infected files<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How many of you use Windows? Well, it&#8217;s a bad&#8230;&#8230;very bad idea to use it. I was using it lately just to find out that the system had a bunch of trojans! The user had no clue of it. Process: &#8220;wininit.exe&#8221;. If you use Windows Vista, see if you have that app running. It&#8217;s a WOLLF.16. Apparently, wininit.exe is a crucial system file in Vista, that if you try to<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12],"tags":[15,14,16],"class_list":["post-27","post","type-post","status-publish","format-standard","hentry","category-misc","tag-vista","tag-windows","tag-wininit"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pqtyx-r","jetpack-rela
ted-posts":[{"id":2039,"url":"https:\/\/judepereira.com\/blog\/remapping-%c2%a7-to-brightness-keys-from-macos-sonoma-14-3-1\/","url_meta":{"origin":27,"position":0},"title":"Remapping \u00a7 to ~ + brightness keys from macOS Sonoma 14.3.1","author":"Jude Pereira","date":"February 20, 2024","format":false,"excerpt":"A year ago, I wrote about bringing the UK keyboard layout closer to the US one on my M2 Air here, however, that suddenly stopped working. While attempting to run the command involved by hand, I realised that it had to be executed as root. Apple updated macOS such that\u2026","rel":"","context":"In &quot;miscellaneous&quot;","block_context":{"text":"miscellaneous","link":"https:\/\/judepereira.com\/blog\/category\/misc\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3,"url":"https:\/\/judepereira.com\/blog\/blog-up-and-running\/","url_meta":{"origin":27,"position":1},"title":"Blog Up and Running!","author":"Jude Pereira","date":"December 25, 2008","format":false,"excerpt":"All thanks to my sweet brother, Francis, he offered me this blog as a Christmas Gift. Thanks a lot. Visit him at blog.francispereira.com","rel":"","context":"In &quot;miscellaneous&quot;","block_context":{"text":"miscellaneous","link":"https:\/\/judepereira.com\/blog\/category\/misc\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1824,"url":"https:\/\/judepereira.com\/blog\/java-9s-httpclient-doesnt-allow-custom-http-2-authorization-headers\/","url_meta":{"origin":27,"position":2},"title":"Java 9&#8217;s HttpClient doesn&#8217;t allow custom HTTP\/2 authorization headers","author":"Jude Pereira","date":"January 23, 2018","format":false,"excerpt":"TL;DR Java 9 HttpClient does not allow custom Authorization header unless you resort to a hack. 
Read more about my blog post on CleverTap's blog.","rel":"","context":"In &quot;miscellaneous&quot;","block_context":{"text":"miscellaneous","link":"https:\/\/judepereira.com\/blog\/category\/misc\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1750,"url":"https:\/\/judepereira.com\/blog\/fbstart-accepts-matchbox-into-their-bootstrap-track\/","url_meta":{"origin":27,"position":3},"title":"FbStart accepts Matchbox into their Bootstrap track!","author":"Jude Pereira","date":"February 11, 2017","format":false,"excerpt":"\u00a0 This was\u00a0completely unexpected. Matchbox got accepted yesterday into FbStart's Bootstrap track, and has received a lot of freebies (worth $40K USD) to kickstart the platform's growth. Matchbox is born and bred in Mumbai, India. To be a part of the few apps in India to be accepted, means a\u2026","rel":"","context":"In &quot;miscellaneous&quot;","block_context":{"text":"miscellaneous","link":"https:\/\/judepereira.com\/blog\/category\/misc\/"},"img":{"alt_text":"FbStart accepts Matchbox","src":"https:\/\/i0.wp.com\/judepereira.com\/blog\/wp-content\/uploads\/Screen-Shot-2017-02-11-at-15.28.58-1024x400.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/judepereira.com\/blog\/wp-content\/uploads\/Screen-Shot-2017-02-11-at-15.28.58-1024x400.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/judepereira.com\/blog\/wp-content\/uploads\/Screen-Shot-2017-02-11-at-15.28.58-1024x400.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/judepereira.com\/blog\/wp-content\/uploads\/Screen-Shot-2017-02-11-at-15.28.58-1024x400.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":2094,"url":"https:\/\/judepereira.com\/blog\/the-are-you-sure-chatgpt-hack\/","url_meta":{"origin":27,"position":4},"title":"The &#8220;Are you sure?&#8221; ChatGPT Hack","author":"Jude Pereira","date":"June 30, 2024","format":false,"excerpt":"The more I use ChatGPT, the more I tend to learn about its intricacies and 
nuances. One of my latest discoveries is the \"Are you sure?\" hack: Yet another example: This is just me trying to have some fun now ;) Both chats were with 4o. What's the take away?\u2026","rel":"","context":"In &quot;miscellaneous&quot;","block_context":{"text":"miscellaneous","link":"https:\/\/judepereira.com\/blog\/category\/misc\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/judepereira.com\/blog\/wp-content\/uploads\/are-you-sure-1.gif?fit=400%2C223&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":38,"url":"https:\/\/judepereira.com\/blog\/happy-new-year\/","url_meta":{"origin":27,"position":5},"title":"Happy New Year","author":"Jude Pereira","date":"January 1, 2009","format":false,"excerpt":"Seasons change as time passes by. What's more? It's now 2009 years A.D.! People are joyful, partying all night long. May peace thrive the hearts of men and women as they set out on this new year! Peace to all and a Happy New Year to you and your Family!","rel":"","context":"In 
&quot;miscellaneous&quot;","block_context":{"text":"miscellaneous","link":"https:\/\/judepereira.com\/blog\/category\/misc\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/posts\/27","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/comments?post=27"}],"version-history":[{"count":7,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/posts\/27\/revisions"}],"predecessor-version":[{"id":251,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/posts\/27\/revisions\/251"}],"wp:attachment":[{"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/media?parent=27"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/categories?post=27"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/judepereira.com\/blog\/wp-json\/wp\/v2\/tags?post=27"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}