Windows 7 - what is wininit?

Asked By Stephen Porter on 13-Jan-08 05:40 PM
Hello, I'm new to Vista. I purchased a toshiba laptop and was just going
through all the processes that are running and I found wininit.exe and
wininit.dll. I looked the .exe up online and a lot of sites said it was a
virus. Computer seems to be running fine but curious if it is or if it's
just a normal process that vista uses. Btw I have Vista Premium if that
matters.

Thanks!!




David Sanders replied on 13-Jan-08 06:18 PM
Stephen Porter wrote:
I would run a virus scan just to be sure.
AlexB replied on 13-Jan-08 06:51 PM
Do not run any antivirus but I do suggest to download and install a free
(forever) for individual users antivirus and antispy program: Spybot Search
& Destroy (German).

I just checked my windows\system32 directory: your file is there. I have run
SB S&D many times.

Tomorrow morning I will check my brand new Vista machine at teh office and
see if this file is there. I am sue it is.

A lot of those websites are set by crooks. They claim that normal windows
execs are viruses. It frightens you and leads you to buy their wares. It is
not to say that there are no viruses and the same people may be writing
them.

Read this thread:
https://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2393102&SiteID=17

Quotes from this thread:
I have seen, from a plethora of sites after searching for said .exe with
google, that this is a trojan lef tover from the wolf virus..
Is this true?  If it is, it is cleverly disguised.
I tried searching the TechNet for pages on the .exe, but to no avail, errors
galore.

Answer:
Thank you for your post.



No, Wininit.exe is a system built-in file. Actually, it is called "Windows
Start-Up Application" and exists under Windows\System32.



I suspect that the websites you referred may be for virus with the same file
name, or the Wininit.exe was infected.



Thanks!



Sincerely,

Joson Zhou

Microsoft Online Community Support
Bob replied on 13-Jan-08 07:11 PM
a backdoor Trojan horse allows unauthorized remote access to an infected
computer"
http://www.processlibrary.com/directory/?files=wininit.exe

http://www.symantec.com/security_response/writeup.jsp?docid=2003-082707-4421-99&tabid=2
Rick Rogers replied on 13-Jan-08 06:44 PM
Hi,

Wininit.exe is a valid system process in Vista. There was, many years back,
a virus that used that name, but it hasn't been seen in a long time.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org
My thoughts http://rick-mvp.blogspot.com
John Barnes replied on 13-Jan-08 07:26 PM
This is the correct answer from a very reliable poster.  Ignore the other
posts.  It is the windows initialisation program.  If you have two copies of
it running it would indicate a potential problem, but not one copy.
Frank Saunders MS-MVP IE,OE/WM replied on 13-Jan-08 07:37 PM
But wininit.exe and .dll are also legitimate files that need to be there.

--
Frank Saunders MS-MVP IE,OE/WM
www.fjsmjs.com
Do not reply with email
Stephen Porter replied on 13-Jan-08 09:32 PM
Ok guys, well thank you for all the responses. I ran AVG and was no viruses.

Been such a long time since I posted/read newsgroups, glad people still use
them!!!

Take care,
Stephen