From: Beauregard T. Shagnasty on
In alt.privacy.spyware, Robin Bignall wrote:

> PCButts emailed me to make the sensible suggestion of checking
> the runonce registry entries.

What?

Buttface is now emailing direct to posters? How cheeky is that!! Must
be a new way to get around having others respond to warn about his
stolen software...

--
-bts
-Friends don't let friends drive Windows
From: David H. Lipman on
From: "Beauregard T. Shagnasty" <a.nony.mous(a)example.invalid>

| In alt.privacy.spyware, Robin Bignall wrote:

>> PCButts emailed me to make the sensible suggestion of checking
>> the runonce registry entries.

| What?

| Buttface is now emailing direct to posters? How cheeky is that!! Must
| be a new way to get around having others respond to warn about his
| stolen software...

And it is even really a "sensible" suggestion as the RunOnce key is just that, it runs
only once then the contents of that Registry key is removed. Therefore if it did run, by
the time the person examined it, it would be an empty key. Plus RunOnce is interpreted
AFTER the Winlogon process. Robin's problem occurs before the Winlogon process.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Leythos on
In article <l7hth5ph28bh1a2visno3g6rlcdih8qfgu(a)4ax.com>,
docrobin(a)ntlworld.com says...
> PCButts emailed me to make the sensible suggestion of checking
> the runonce registry entries. They're empty. The weird thing is
> where the message is coming from, since no executable on my system
> disk contains the string "infection".

You should ALWAYS check the reputation and online history of a person
before taking their advice - there are many people that would give you
bad advice that could damage your system.

In the case of PCBUTTS, I don't know of anyone that would consider
trusting him.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
From: Rick on
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:hfml4n02nml(a)news3.newsguy.com:
>
> And it is even really a "sensible" suggestion as the RunOnce key is
> just that, it runs only once then the contents of that Registry key is
> removed. Therefore if it did run, by the time the person examined it,
> it would be an empty key. Plus RunOnce is interpreted AFTER the
> Winlogon process. Robin's problem occurs before the Winlogon process.


When is wininit.ini processed?


--
Rick Simon rsimon(a)cris.com

Include "spam(trap)key" somewhere in the
body of any email to avoid spam filters.
From: David H. Lipman on
From: "Rick" <rsimon(a)cris.com>

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
| news:hfml4n02nml(a)news3.newsguy.com:

>> And it is even really a "sensible" suggestion as the RunOnce key is
>> just that, it runs only once then the contents of that Registry key is
>> removed. Therefore if it did run, by the time the person examined it,
>> it would be an empty key. Plus RunOnce is interpreted AFTER the
>> Winlogon process. Robin's problem occurs before the Winlogon process.


| When is wininit.ini processed?



What OS are you referring to because NT based OS' don't use INI files.
Everything is pretty much stored in the Registry and evaluated there.

Since this was x-posted to a WinXP group, the answer is NEVER.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp