Thread: wininit.exe identified as security risk by ProcessScanner but ZASS does not

  1. #1
    benreffell Guest

    wininit.exe identified as security risk by ProcessScanner but ZASS does not

    I downloaded ProcessScanner from Uniblue today and did a scan. It identified wininit.exe as a security threat, but ZASS did not. Details were:

    wininit.exe
    File Details
    File Path:c:\windows\system32
    File Size:0.001862
    Memory Usage:95744
    File Version:6.0.6000.16386 (vista_rtm.061101-2205)
    MD5:d4385b03e8cccee6f0ee249f827c1f3e
    Author:Unknown
    Part Of:Unknown
    Startup Method:Process
    Parent Process:smss.exe
    File Description:Windows Start-Up Application

    At the top it also showed it as a "high risk" and linked it to the WOLLF.16 virus.
    The ZoneAlarm forum has only one old post linked to this, which does not offer an answer. After researching on the net I see the WOLLF virus is an old one that installed a trojan called WININIT.EXE; the trojan can be identified as the name is in capitals and is located in a different folder to the real wininit.exe.

    I have found two copies on my Vista system, they are in
    C:\Windows\System32
    C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce

    both appear to be legitimate files as they show up with Microsoft name in properties window,
    product version: 6.0.6000.16386,
    size: 93.5kb
    date modified 2/11/2006 7:45PM

    Should there be 2 on a Vista system? Or is one a virus?
    ZASS only shows one in the program list in the system32 folder, and if it's set to KILL Vista crashes, so I guess this must be the real one.

    I'm guessing that all is OK and that Uniblue's ProcessScanner is just trying to get people to use their other product to scan for viruses etc. and that ZASS and Vista could not be affected now by this (even an amended/updated trojan of this type??)

    Anyone else found this?
    Does everyone have these two files on their Vista systems?

    Ben

    System
    Vista Home Premium (autoupdate)
    ZASS (autoupdate - hourly)

    Operating System:Windows Vista Home Premium
    Software Version:7.1 (Vista)
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Re: wininit.exe identified as security risk by ProcessScanner but ZASS does not

    Hi!
    Sounds like a false positive...
    Upload the file to www.virustotal.com and see what other malware scanners say about the file.

    Never blindly trust a security program, especially if you are using it for the first time.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    benreffell Guest

    Re: wininit.exe identified as security risk by ProcessScanner but ZASS does not

    Thanks Fax
    I checked both files on www.virustotal.com and they both came back negative.
    I'd not heard of that website before. I've bookmarked it, as it is great to be able to double-check one file at a time should we have any queries.

    Hope this post stops someone else from stressing!

    THANKS again for such a quick answer and keep up the great work
    (same goes to other gurus whose posts have helped me at least a couple of times before)
    Ben
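
The check this thread arrives at (is each copy where a genuine wininit.exe belongs, and do the copies match), as an added example that is not part of the original posts. It assumes genuine copies sit only in System32 or one level below winsxs; `classify_location`, `triage`, and the sample paths and contents are constructed for illustration.

```python
import hashlib
import ntpath

def classify_location(path, windows_root=r"C:\Windows"):
    """Say where a wininit.exe copy sits relative to the Windows directory."""
    # Compare case-insensitively, as Windows itself does with file names.
    p = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(windows_root))
    if ntpath.basename(p) != "wininit.exe":
        return "other-file"
    folder = ntpath.dirname(p)
    if folder == ntpath.join(root, "system32"):
        return "system32"
    # Assumption: a component-store copy sits exactly one folder below winsxs.
    if ntpath.dirname(folder) == ntpath.join(root, "winsxs"):
        return "winsxs"
    return "unexpected"

def read_file(path):
    with open(path, "rb") as handle:
        return handle.read()

def triage(paths, windows_root=r"C:\Windows", read_bytes=read_file):
    """Return {path: (location, sha256, verdict)} for each candidate copy."""
    facts = {}
    for path in paths:
        digest = hashlib.sha256(read_bytes(path)).hexdigest()
        facts[path] = (classify_location(path, windows_root), digest)
    # Reference digest: the copy in System32, if one was found.
    reference = next((d for loc, d in facts.values() if loc == "system32"), None)
    report = {}
    for path, (location, digest) in facts.items():
        if location not in ("system32", "winsxs"):
            verdict = "review: outside System32/WinSxS"
        elif reference is not None and digest != reference:
            verdict = "review: differs from System32 copy"
        else:
            verdict = "consistent"
        report[path] = (location, digest, verdict)
    return report

# Constructed sample: made-up paths and contents, so the example runs offline.
SAMPLE = {
    r"C:\Windows\System32\wininit.exe": b"genuine-bytes",
    r"C:\Windows\winsxs\x86_constructed-component-folder\wininit.exe": b"genuine-bytes",
    r"C:\Windows\WININIT.EXE": b"something-else",
}

if __name__ == "__main__":
    for path, (location, digest, verdict) in triage(SAMPLE, read_bytes=SAMPLE.get).items():
        print(f"{verdict:36} {location:10} {digest[:16]}  {path}")
```

On a real system, pass the paths you found and leave `read_bytes` at its default; the SHA-256 it reports can be searched on VirusTotal without uploading the file.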

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Re: wininit.exe identified as security risk by ProcessScanner but ZASS does not

    You're welcome!
    Thank you for taking the time to post back with the results.

    Cheers,
    Fax

