"mstinit.exe" [message #81238] |
Sat, 17 April 2004 15:09
IRON FART
I did a Google search on "mstinit.exe" because today I have been getting rid of some worms on my computer, and some dialers/trojans/hijackers from my "system32" folder.
As you can see from the Google search, "mstinit.exe" (10KB) is indeed some sort of spyware or hijacker.
So naturally, I Shift+Delete it. Exactly 5 seconds later, another one appears.
Great...
This suggests that there is another program that is checking to see if it is present, and if not, it is replaced. So I made a copy of "notepad.exe" (50KB), renamed it to "mstinit.exe" and replaced the original. This works. This fake file is not replaced by the original 10KB file. However, if I delete this new file, it is replaced by a copy of the fake, 50KB file.
So this other program is still present. Task Manager says otherwise...
Logfile of HijackThis v1.97.7
Scan saved at 3:02:58 PM, on 4/17/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
D:\AVG6\avgserv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\MYSQL\BIN\MYSQLD-NT.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
D:\AVG6\avgcc32.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\mysql\bin\winmysqladmin.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINNT\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
I scanned my computer with:
http://housecall.trendmicro.com
AVG 6.0
Adaware 6
Pest Patrol
Hijack This
And none of them picked up on the original "mstinit.exe" as a threat. And the application that is causing this wasn't found either. There is no reference to this file at http://www.symantec.com or http://us.mcafee.com.
I'm not getting any adverse effects of this file (it's just a clone of notepad.exe) and I can operate my computer fully, but I still don't want this or my other file on my computer.
TIA

"mstinit.exe" [message #81242]
Sat, 17 April 2004 15:20
Adnecles1
Download a program called spybots and update before running it. It looks for all kinds of spyware/adware.

"mstinit.exe" [message #81289]
Sat, 17 April 2004 17:08
IRON FART
Well, I found out what the problem is. And I restored the original file.
mstinit.exe is the Windows Task Scheduler Setup. I don't know what it does.
But it occurred to me after I restored it from the W2K CD that it was actually the Windows File Protection restoring the file to its original state.
Oh well, no harm done at least.
Thanks for the help :)
It is appreciated.
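
A check that answers the question this thread ends on, as an added example that is not part of any post above: before deleting an unfamiliar file from system32, ask Windows whether it treats the file as a protected system file and whether it carries a valid signature. It assumes a current Windows with PowerShell 5.1 or later; the function name `Get-SystemFileTriage` and the sample path are hypothetical.

```powershell
# Added example, not from the thread. Read-only triage of a file in system32.

# SfcIsFileProtected is exported by sfc.dll; its first argument (RpcHandle)
# must be NULL. It returns TRUE when the OS protects the named file.
Add-Type -Namespace Triage -Name Sfc -MemberDefinition @'
[DllImport("sfc.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool SfcIsFileProtected(IntPtr RpcHandle, string ProtFileName);
'@

function Get-SystemFileTriage {
    param([Parameter(Mandatory)][string]$Path)

    # Fail early if the file does not exist rather than report empty fields.
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    [pscustomobject]@{
        Path        = $file.FullName
        SizeBytes   = $file.Length
        # True: the OS guards this file and will resist or undo changes to it.
        Protected   = [Triage.Sfc]::SfcIsFileProtected([IntPtr]::Zero, $file.FullName)
        # Valid / NotSigned / HashMismatch / ... (a renamed or patched binary
        # sitting under a system file name shows up here).
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject   # $null when unsigned
        Description = $file.VersionInfo.FileDescription
        Company     = $file.VersionInfo.CompanyName
        # Hash to compare against a known-good copy from installation media.
        SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# Sample path chosen for illustration; substitute the file under suspicion.
Get-SystemFileTriage -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
```

A file that reports `Protected : True` with a valid signature is an operating system component, so a copy that reappears after deletion is the system restoring it, as the last post concluded. A protected name whose signature is missing or mismatched is the case worth investigating further.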