Infection messages?
in [Windows Viruses]
|
From: David H. Lipman on 8 Dec 2009 19:04 From: "Rick" <rsimon(a)cris.com> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in | news:hfml4n02nml(a)news3.newsguy.com: >> And it is even really a "sensible" suggestion as the RunOnce key is >> just that, it runs only once then the contents of that Registry key is >> removed. Therefore if it did run, by the time the person examined it, >> it would be an empty key. Plus RunOnce is interpreted AFTER the >> Winlogon process. Robin's problem occurs before the Winlogon process. | When is wininit.ini processed? What OS are you referring to because NT based OS' don't use INI files. Everything is pretty much stored in the Registry and evaluated there. Since this was x-posted to a WinXP group, the answer is NEVER. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Andy Walker on 8 Dec 2009 21:04 David H. Lipman wrote: >What OS are you referring to because NT based OS' don't use INI files. >Everything is pretty much stored in the Registry and evaluated there. > >Since this was x-posted to a WinXP group, the answer is NEVER. Not true, Dave. XP still uses INI files. boot.ini win.ini system.ini to name a few...
From: David H. Lipman on 8 Dec 2009 21:08 From: "Andy Walker" <awalker(a)nspank.invalid> | David H. Lipman wrote: >>What OS are you referring to because NT based OS' don't use INI files. >>Everything is pretty much stored in the Registry and evaluated there. >>Since this was x-posted to a WinXP group, the answer is NEVER. | Not true, Dave. XP still uses INI files. | boot.ini | win.ini | system.ini | to name a few... OK. BOOT.INI is only used to launch the OS or a different OS. It is interpreted before the WinGUI. WIN.INI and SYSTEM.INI are NOT really interpreted anymore. They ONLY exist for backwards compatibility purposes for Win9x/ME, and maybe Win3.1x programs that weren't written to use a registry. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: JD on 8 Dec 2009 21:33 The Real Truth MVP wrote: > Please David your ignorance and lack of knowledge is showing. You of all > people should know that malware writes to that key and since the issue > is there on EVERY boot if it gets deleted when run it gets put back in > there and you are WRONG about when that key gets read. > > Oh My god.. Don't you have software to fix this? Go away. Nobody needs your help. 8-) -- JD..
From: Rick on 9 Dec 2009 06:05
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in news:hfmpie02rbv(a)news3.newsguy.com: > >| When is wininit.ini processed? > > > > What OS are you referring to because NT based OS' don't use INI files. > Everything is pretty much stored in the Registry and evaluated there. > > Since this was x-posted to a WinXP group, the answer is NEVER. Not to be argumentative, but you're saying these folks are incorrect? http://www.aumha.org/a/loads.php http://support.microsoft.com/kb/140570 While I don't run into it as much as I used to, I still do find XP systems that appear to be using wininit.ini for file deletions/renames on occasion. -- Rick Simon rsimon(a)cris.com Include "spam(trap)key" somewhere in the body of any email to avoid spam filters. |