From: "Rick" <
[email protected]>
| Yes, I'm aware of how .ini files have been used going back through Win3.x.
| I'm also aware of how wininit.ini is just a hangover and there are other,
| preferred methods of doing the same thing. According to the aumha article
| however, even though it is not the preferred method, Win XP will execute
| the instructions in a wininit.ini file if one is found.
| And this is where my original question comes in. Just where in the boot
| process does wininit.ini get processed? Since the aumha article points out
| that:
| a) "WININIT.INI is used to complete Windows and program installation steps
| that cannot be completed while Windows is running"
| b) "During the boot process, Windows checks to see if there is a
| WININIT.INI file and, if it finds one, executes its instructions."
| c) and specifies that Windows XP will execute such a file, if it exists
| (assumedly to maintain backwards compatibility)
| I was just curious if anyone happened to know where in the boot process
| that execution was performed. Whether it was before or after the logon
| process.
Rick I think you have a good point in that if the WININIT.INI file is found by the OS it
will do a a file move/delete function "before the logon screen" which is 100% relevant to
Robin's problem.
However, this is a silent function. No screen displays and certainly not "INFECTION:...".
Since you know this INI file and its directives, maybe you could create a test and see
what it does.