Free Weekly Tech Newsletter

cobra · 11-26-2000, 02:09 PM

Was browsing the net late last night... as I usually do on the weekends.
I run innoculateIT and black Ice Defender, along with my dial up connection. What's weird is, first I got a "Back Orifice ping", not good, I was not too worried, then a few minutes later, my virus scanner comes up and says I got the win32.bymer virus, oh man, that sucks. It confirmed deletion, then I got an error in Explorer, ask me if I wanted to restart,I was hesitant, but then I said, ok, just to see what was up.
So I rebooted. After restarting and logging back in (winME) after everything has loaded, I have a minimized DOS box, and it was trying to run wininit.exe, said it could not run it from within windows, whew. So I restarted again, same thing, I did a full virus scan, takes forever on 10gig drive that is half full.. So I wondered what wininit.exe was. have no idea until I looked on the antivirus.com website, anyway, what happened was, somebody hacked into my machine and wrote to my win.ini file and unloaded the wininit.exe program on my pc. I verified this through Black Ice Defender, it told me exactly what happened.(Great program). I had my settings too low, so I raised them.
Had to delete the load c:\wininit.exe line from my win.ini file. I did a trrace on the ip through internet maniac(great program) and forwarded my concerns to the proper authorities.
Just want everyone to know, it is crucial that you run a virus scanner and somekind of firewall, protect yourself!

Omletteboy · 11-26-2000, 02:40 PM

Fer sure better to be safe than sorry. I have the firewall software running but I hardly use antivirus.

**HAL9000** · 11-26-2000, 03:45 PM

It may be overkill, but I have an AV, a Linksys router, and run ZoneAlarm. I was recently over at a clients house to clean up their system because they were complaining how slow it was running. Well, three hours later, I finally had all the entries removed from the registry, the WIN.INI, the SYSTEM.INI, and the AUTOEXEC.BAT. There were literally hundreds of command lines executing viri and opening system ports. The commands were even set up to replicate the virus even after deletion of the infected files. When I started, I first put ZoneAlarm on and WOW!, you should have seen the attacks come on trying to get back in and installed programs trying to communicate out. Did the same thing, grabbed all the IP info and reported back to the ISP.

11-26-2000, 02:09 PM	#1
cobra Don't tread on me Join Date: Mar 1999 Location: Florida Posts: 2,121	Was browsing the net late last night... as I usually do on the weekends. I run innoculateIT and black Ice Defender, along with my dial up connection. What's weird is, first I got a "Back Orifice ping", not good, I was not too worried, then a few minutes later, my virus scanner comes up and says I got the win32.bymer virus, oh man, that sucks. It confirmed deletion, then I got an error in Explorer, ask me if I wanted to restart,I was hesitant, but then I said, ok, just to see what was up. So I rebooted. After restarting and logging back in (winME) after everything has loaded, I have a minimized DOS box, and it was trying to run wininit.exe, said it could not run it from within windows, whew. So I restarted again, same thing, I did a full virus scan, takes forever on 10gig drive that is half full.. So I wondered what wininit.exe was. have no idea until I looked on the antivirus.com website, anyway, what happened was, somebody hacked into my machine and wrote to my win.ini file and unloaded the wininit.exe program on my pc. I verified this through Black Ice Defender, it told me exactly what happened.(Great program). I had my settings too low, so I raised them. Had to delete the load c:\wininit.exe line from my win.ini file. I did a trrace on the ip through internet maniac(great program) and forwarded my concerns to the proper authorities. Just want everyone to know, it is crucial that you run a virus scanner and somekind of firewall, protect yourself! Share Share this post on Digg Del.icio.us Technorati Twitter __________________ Miami, flee it like a native.

11-26-2000, 02:40 PM	#2
Omletteboy Eggs anyone? Join Date: Oct 1999 Location: Hong Kong Posts: 1,560	Fer sure better to be safe than sorry. I have the firewall software running but I hardly use antivirus. Share Share this post on Digg Del.icio.us Technorati Twitter

11-26-2000, 03:45 PM	#3
HAL9000 Red-eyed Moderator Staff Premium Member Join Date: Dec 1999 Location: Regina, Saskatchewan, Canada Posts: 17,576	It may be overkill, but I have an AV, a Linksys router, and run ZoneAlarm. I was recently over at a clients house to clean up their system because they were complaining how slow it was running. Well, three hours later, I finally had all the entries removed from the registry, the WIN.INI, the SYSTEM.INI, and the AUTOEXEC.BAT. There were literally hundreds of command lines executing viri and opening system ports. The commands were even set up to replicate the virus even after deletion of the infected files. When I started, I first put ZoneAlarm on and WOW!, you should have seen the attacks come on trying to get back in and installed programs trying to communicate out. Did the same thing, grabbed all the IP info and reported back to the ISP. Share Share this post on Digg Del.icio.us Technorati Twitter __________________ -At Ford, quality is job #1, job #2 is making them explode. ~Norm MacDonald, SNL News -Switching to Glide..Balancing in my head..inside of me... taking the glide path instead.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter

Subscribe to THE INSIDER

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter