GENANZ-L Archives
From: "Jimmy John" <>
Subject: Re: O/T Virus
Date: Sun, 4 Nov 2001 15:21:42 +1030
References: <iDLE7.18858$g8.28698@newsfeeds.bigpond.com>, <3BE46CCB.9253.D4E676F@localhost>
Sounds like you hadn't been keeping your Norton antivirus definitions up to
date and the PC was infected before you got the updates.
This file initiates windows whilst PC is in DOS mode
Its location should be C:\windows
What version of Windows are you using?
Assuming win98:-
Assuming you have cleaned the viruses out or repaired them (you appeared to
say this)
and you only need a clean copy of this wininit.exe file,
In win98 on the CD I have, this file is located in the Win98_47.cab file
It needs to be decompressed and installed to c:\windows folder.
In windows explorer (Start button > right mouse > explorer)
Select c: drive and find folder Windows
select c:\windows and scroll down past all the folders until the files appear
and locate the wininit.exe file. Highlight it and right mouse button
select rename, then rename it to wininit.xxx
(this is being done so the "crook" file stays there but isn't called
wininit.exe any more)
check that the file is now called wininit.xxx after your renaming exercise.
Now:
Select the drive for YOUR CD ie E: if this is your CD drive letter
Find Win98 folder on this CD Rom ie e:\win98
Find Win98_47.cab file and double click the .cab file to open it in
"Winzip"
*** if you don't have winzip then go to www.winzip.com and download this
unzipping program (its use is invaluable) then.....
Check to ensure the file wininit.exe is in this .cab file, on your CD
While Winzip is opened and you can see the list of files in the
win98_47.cab file,
select/highlight the wininit.exe file (NO OTHER FILES)
then look at top left of winzip window and you will see a folder location
which is below the words "extract to"
this file will be extracted to this folder SO this needs to read
c:\windows.
So highlight the shown folder path and then type in c:\windows
SO look at "extract to" and below this should now read c:\windows
below that a black dot should be in the "Selected file" line.
(otherwise other files could be extracted as well and cause
other problems with windows)
Double check the above and ensure everything is correct then
press EXTRACT button on top right of Winzip box.
This should have replaced the wininit.exe into c:\windows.
Close Winzip and assuming Windows explorer is still open, go to c:\windows
and scroll down again past the folders and you now should have wininit.xxx AND
wininit.exe in the list.
IF YOU DON'T SEE WININIT.EXE then go back to .cab file, open winzip again and
try it again
recheck and ensure that both wininit.xxx and wininit.exe exist in c:\windows
folder BEFORE
Rebooting computer.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
If it is, then good, now look on CD in Win98 folder for a file called
extract.exe.
This file will be used to extract your wininit.exe from the .cab file to your
c:\windows folder.
To do this, go to DOS prompt (usually found in accessories area of the Start
menu)
this should take you to c:\ or c:\windows.
Change the directory to e:\win98 (where E: is your CD drive letter)
by typing e: and press enter key. should have e:>\ or similar cursor
Then type cd\win98 and press enter key
should now have e:\win98>\ as directory/folder name
ie e:\win98>\
You should now be in the folder in which BOTH extract.exe AND win98_47.cab
are located.
type following making sure all spaces are exactly as shown:
extract /e win98_47.cab wininit.exe /L c:\windows
The above should extract wininit.exe and place the unextracted file to
folder of c:\windows
When you attempt to overwrite the existing file wininit.exe it should prompt
you to overwrite or not
select to overwrite the original file
--
Please remove SPAM from my address to reply
"John Blue" <> wrote in message
news:...
>
>
> > So how does one get Pegasus?
> >
> Go to:
> http://www.pmail.com/
> The current version for windows is 3.12c, with a version 4 coming very
> shortly. The version 4 has
> been on restricted release for final testing.
>
> > I recently received (in spite of Norton installed) a
> > W32 HLLW Bymer virus which has affected my winnit.exe.
> >
>
> > Now as a complete ignoramus in these matters, I quarantined said virus
> > and updated every bell and whistle in Norton, but it now tells me I
> > cannot now use winnit.exe. from windows.
> The following may help this is from:
> http://www.pchell.com/virus/wininit.shtml
>
> If you can access that page you can download an automatic cleaner from Trend
> Micro, if not follow
> these instructions:
>
> This trojan virus slows down the infected computer and can disable the
> infected user from viewing other computers in the Network Neighborhood.
>
> The original Trojan is distributed as WININIT.EXE but other virus
> writers may change this filename.
>
> To Clean/Delete the Bymer trojan?
>
> The registry needs to be edited to delete this Trojan
>
> Click START, RUN
> Type REGEDIT and hit ENTER key
> In the left panel, click the "+" to the left of the following:
> HKEY_LOCAL_MACHINE
> Software
> Microsoft
> Windows
> CurrentVersion
> Run
> In the right panel, search for any of the registry key that contains the
> data value of bymer.scanner = "%virus path and filename%" Where %virus
> path and filename% is the complete path of the Trojan.
> Make a note of the exact path to the virus, then close Regedit.
> Restart the Computer in MS-DOS Mode.
> Delete the file name referenced in Step 3 above
> Reboot the system
> Following the information in Steps 1 and 2, open Regedit and
> proceed to the Run line
> In the right window, highlight the registry key
> that loads the file and press the DELETE key.
> Answer YES to delete the entry.
> Exit the registry.
> Scan your system with an up-to-date antivirus
> program and clean any infected files
>
> I suggest you use esafe desktop:
> http://www.ealaddin.com/esafe/default.asp
> or Protector Plus
> http://www.protectorplus.com/
>
> > Everything seems to be working of so what does this mean and how can I
> > put it right, being 90 k's from the nearest computer shop.
> >
> Go through the above procedure, install one of the above virus checkers
> and rescan the system.
>
> > --
> > Ejay
> >
>
> Please contact me off list if you need further assistance.
>
> John
> -
>
> >
> >
> >
> > "John Blue" <> wrote in message
> > news:...
> > >
> > >
> > > > Hi All,
> > > >
> > > > I just wanted to apologise to anyone who had received strange Emails
> > > > from me, as I found I had received the Magistrate Virus, which had
> > > > been going through my files and Emails and sending them off
> > > > indiscriminately to people I have had contact with.
> > > >
> > > > I now have an update Virus protection on, after wiping it off the
> > > > system, it was detected again the next day, it seems to affect quite
> > > > a few files. Hopefully I will not have it anymore. I don't see what
> > > > joy the people get from sending these.
> > > >
> > > Karen,
> > >
> > > The virus infected emails you and others have received are not
> > > knowingly sent by anyone. It is
> > > simply that once one of this type of virus arrives on your system it
> > > sets itself up to use your
> > > Outlook address book.
> > >
> > > Of course if you refer to the "originators or designers" of the virus
> > > then they are straight up cyber
> > > terrorists of one form or another (mind you some are simply teenagers
> > > with a mis-directed
> > > technical skill)!
> > >
> > > I have previously said this, and for the sake of those who may not
> > > have seen it. Microsoft is
> > > generally targeted by these virus developers, and Outlook versions
> > > tend to have security holes
> > > easily targeted.
> > >
> > > For a more secure environment, I suggest changing from using "Outlook"
> > > to Pegasus Mail (totally
> > > free), or even Eudora Mail. Of course making sure that appropriate and
> > > reliable antivirus software
> > > is installed. My recommendation here is esafe!
> > >
> > > John
> > > -
> > > > Karen
> > > > Jerrabomberra
> > > >
> > > > ______________________________
> > >
> > > John Blue,
> > > PO Box 542
> > > Mawson ACT 2607
> > > Australia
> > > email:
> > >
> >
> > ______________________________
>
> John Blue,
> PO Box 542
> Mawson ACT 2607
> Australia
> email:
>
> Thought for the day:
> Life is wonderful.
> Without it we'd all be dead.
>
>