Need To Delete

[trelarah]

A friend of mine had a virus on his computer. This virus sent out a link to all of the contacts on his MSN Messenger. When I got the link I presumed it was legit, and therefore I went to it, and opened the suggested file. Once that happened a picture of a half naked girl showed up, and my internet shut down.

I am on a University LAN, and I know for a fact that the problem was not my connection.

It turns out that when I pressed ctrl+alt+delete, and went to PROCESSES there was a application running that I didn't recognize called "wini.exe". So I closed that app. and now my internet runs just fine. However, I can't seem to find this file to permanently delete it, and it keeps restarting every time I reboot my computer. I've attempted to find it with SEARCH, but I haven't had any luck. Any suggestions?

(I've also ran SpyBot, Ad-Aware, AVG, Trend Mircos, and can't find the file)

[spyder003]

Check the startup tab in msconfig, see if it's checked to run on startup. You can uncheck it from there until you can find it.

If it's a malacious file, 9 times out of 10 it will be in the system32 folder.

[trelarah]

spyder003, i checked system32 and couldn't find it. and i don't know where or what msconfig is, little help with that please.

[rjfvillarosa]

MSCONFIG.........Click START>RUN type msconfig in the box and click OK
When the window opens click on the STARTUP tab and check in the list for the offending article.
Does this thing open an IE page and connect to the internet?

[trelarah]

rjfvillarosa, i did what you said and I deselected the "wini.exe" app from starting at the next boot up. so now it won't start, and everything works just fine.

however, i still want to remove this file. i couldn't find it in system32, so does anyone have any other suggestions?

(in msconfig, under the start up tab, then in the column 'LOCATION', it says that "wini.exe" is in: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
But when I look under the coloumn 'COMMAND' it doesn't give the actual location like all the other applications, it just says "wini.exe")

[Trent Steel]

open up the command prompt and use this command
del "\\?\c:\path_to_file\name_of_file_or_folder"

include the quotation marks and all characters
that should eliminate the file

[trelarah]

Thank you Trent Steel.
However there are a few problems since I am very new to this kind of thing.
1) I don't understand 'open up the command prompt', what is that?
2) How do I put in the "path_to_file" if I don't actually know the path?
3) I am very sorry, but this is quite confusing to me.

Any other suggestions, or "how to... for dummies" intructions?

[spyder003]

Removal Instructions

If your AV isn't finding it, you're not going to be able to get rid of the files. Look at the bottom of the link for instructions on manually cleaning up the registry.

You can try downloading and running The Cleaner, it specializes in trojans. Maybe that will find it for you.

Edit - Look next to the wini.exe entry in msconfig, it should give you a pathname for where the file is hiding. It might just point you towards the registry though.

[glc]

Use the Windows Search function - and tell it to include system and hidden files.

[trelarah]

spyder003, the trojan that your link talks about is called "Backdoor.Optix.04.d", that (from what I can tell) is not what I have. However I still downloaded THE CLEANER, and updated my AV but still no luck finding/removing the file. And when I look next to the wini.exe entry in msconfig, it does not give me the pathname, it's just blank.

glc, I tried using Windows Search function (incld. system and hidden files), but that didn't work either.

anyone have any other suggestions?