I downloaded ProcessScanner from Uniblue today and did a scan, it identified wininit.exe as a security threat, but ZASS did not, details were
File DetailsFile Path:c:\windows\system32
File Version:6.0.6000.16386 (vista_rtm.061101-2205)
File Description:Windows Start-Up Application
At the top it also showed it as a "high risk" and linked it to the WOLLF.16 virus.
ZoneAlarm forum has only one old post linked to this, which does not offer an answer. After researching on the net I see the WOLLF virus is an old one that installed a trojan called WININIT.EXE ,the trojan can be identified as the name is in capitols and is located in a different folder to the real wininit.exe
I have found two copies on my Vista system, they are in
both appear to be legitimate files as they show up with Microsoft name in properties window,
product version: 6.0.6000.16386,
date modified 2/11/2006 7:45PM
Should there be 2 on a Vista system? Or is one a virus?
ZASS only shows one in the program list in the system32 folder, and if it's set to KILL Vista crashes, so I guess this must be the real one.
I'm guessing that all is OK and that Uniblue's ProcessScanner is just trying to get people to use their other product to scan for viruses etc. and that ZASS and Vista could not be affected now by this (even an amended/updated trojan of this type??)
Anyone else found this?
Does everyone have these two files on their Vista systems?
Vista Home Premuim (autoupdate)
ZASS (autoupdate - hourly)
Operating System:Windows Vista Home Premium
Software Version:7.1 (Vista)
Product Name:ZoneAlarm Internet Security Suite