
Woolf.16 Virus---wininit.exe Infection


5 replies to this topic

#1 Rick24


Posted 06 September 2007 - 12:39 PM

I have run my McAfee scan and it finds nothing. I ran an online scan in Safe Mode using CA. Shows clean. Spybot shows clean. SuperAntiSpyware just shows a tracking cookie. However, when I run ProcessLibrary it shows this infection running on my system. Please help me remove it. I can post a HijackThis log if needed.


Wollf.16

wininit.exe

Edited by Rick24, 06 September 2007 - 01:33 PM.



#2 annabackwards


Posted 07 September 2007 - 12:57 AM

Your infection doesn't have a program that will move it as far as I can tell.

Read the Preparation Guide for use before posting a HijackThis Log thread up until Step 9.

Then download the new version of HijackThis from here. Then unzip/extract hijackthis.zip.
If you are unsure how to unzip/extract, a link showing how to can be found by clicking here.

Then create a permanent folder and move hijackthis.exe into it. The reason for this is that HijackThis creates backups, and they may be deleted if they are in a temp-folder.
How to make a permanent folder:
  • Click My Computer, then C:\ and then on Program Files.
  • In the menu bar (2nd bar from the top) select File>New>Folder.
  • That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
  • Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there by copying and pasting. I would recommend you create a shortcut for HijackThis for easy access. Just right-click HijackThis and select Create Shortcut. Copy and paste that shortcut onto the desktop.
Please be patient, as there are a limited number of helpers and a lot of demand for help. Also, do NOT bump your topic, as the HJT team members work on a first come first serve basis, and if you bump your topic by replying to your thread, they will assume someone is already helping you as your thread has been replied to.

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#3 annabackwards


Posted 07 September 2007 - 02:46 AM

Edit that's too late: Read the Preparation Guide for use before posting a HijackThis Log thread and complete all steps that you haven't done until Step 9.

Not

Read the Preparation Guide for use before posting a HijackThis Log thread up until step 9


Also, if no one replies after 5 days, please post the link to your HijackThis thread in the "Haven't Had A Reply In Five Days?, Post your link" thread.

Edited by annabackwards, 07 September 2007 - 02:49 AM.


#4 buddy215


Posted 07 September 2007 - 06:55 AM

Since you are not finding the malware with the two programs mentioned, this is likely a false positive. Another user had the same problem. See discussion in link below. To be sure, submit the file in question to Jotti.
http://virusscan.jotti.org/

If it happens that it is NOT a false positive, see info for removal in link below.
http://www.trendmicro.com/vinfo/virusencyc...e=BKDR_WOLLF.16

http://forums.microsoft.com/TechNet/ShowPo...6&SiteID=17

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 Rick24


Posted 07 September 2007 - 04:20 PM

Thank you for your responses. I have run http://www.trendmicro.com/vinfo/virusencyc...e=BKDR_WOLLF.16. I am starting to think this is a false positive as well. Nothing is picking it up. I have not seen anything really strange happen. The ProcessLibrary scan is the only indication that I am infected.

#6 buddy215


Posted 07 September 2007 - 05:38 PM

McAfee Site Advisor doesn't think much of the links on ProcessLibrary site.
I suspect they were wanting to sell you a program to remove the "malware".
I agree, chalk this up as bogus/false positive.
