Hi,
"W32.Xabot.Worm spreads through IRC and file-sharing networks.
Its backdoor Trojan Horse capabilities allow a hacker to gain control
of a compromised computer. The existence of a wininit32.exe file is
an indication of possible infection."
http://resnet.ucsd.edu/body_virushelp.html
Yes Virginia, you have a Trojan: BKDR_IRCBOT.R
Description:
This backdoor program compromises system security by allowing a remote
malicious user to access and control the affected system. It carries out its
backdoor routines by connecting to an Internet Relay Chat (IRC) server
where it listens for commands from the remote malicious user.
Some of the things it allows the remote malicious user to do are the following:
- Shut down the affected machine
- Download and/or execute a file
- Modify settings of installed games (e.g., Battlefield 1942 and Half-Life)
It also disables several network monitoring tools, firewalls and
intrusion detection applications.
For the Solution visit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_IRCBOT.R
--
Cheers, Windows XP MVP Shell / User
Jimmy S.
http://mvp.support.microsoft.com
Game FAQs:
http://support.microsoft.com/default.aspx?scid=FH;[LN];gms
Visit my Zone.com / Gaming Helpsite:
http://nibblesnbits.tk or Call / Contact
MS Support at:
http://support.microsoft.com/default.aspx?scid=sz;en-us;top
My advice is donated "AS IS" without warranty; nor do I confer any rights.
_________________________________________________________
| (I am scanning w/ Housecall as I write. By the time I'm
| done writing it'll have finished. Mind you I have 60+GB to
| go through -_-)
|
| Startup Manager refers to wininit32 (rather than winit32
| as I thought before) as:
|
| {Command Line: wininit.exe -drivers
| Start Location: "Run" section of HKEY_LOCAL_MACHINE
|
| File Path: C:\WINDOWS\System32\wininit32.exe
| File Date: Saturday, November 01, 2003 16:11:21}
|
| The second wininit32 is identical except for its Start
| Location which is "Runservices" section of
| HKEY_LOCAL_MACHINE.
|
| The third is the same with the Start Location of "Run"
| section of HKEY_CURRENT_USER.
|
|
|
| So this explains why nobody could find winit32.exe as the
| file is actually wininit32.exe (sorry for the typo with
| that).
|
| These Start Locations indicate the "Run" command. Do you
| suppose they are acting as restrictions on the Run command
| (which is what I use to access msconfig)?
|
| >-----Original Message-----
| >Well, this is something I suppose. That program is working
| >fine to disable my startup items (by the way, what is
| >winit32? I have 3 of them...). I made a second admin-level
| >account and I COULD access MSconfig, but I got the same
| >ikernel.exe error when I installed the game. The game
| >still refuses to get past the first level loading screen.
| >
| >I am also adware and virus free as far as I can tell.
| >
| >By the way, how do you transfer settings from one account
| >to another (ex. my original account to a second admin
| >account)?
| >
| >Thanx for the help
| >
| >
| >>-----Original Message-----
| >>Hi Kai,
| >>
| >>You've provided an important clue since you can't access
| >>msconfig. Let's use a 3rd party program instead:
| >>
| >>http://new.jtsoft2001.com/windows/startup.php
| >>
| >>Run a virus scan at: http://housecall.antivirus.com Afterwards
| >>Download & Run Spybot from: http://security.kolla.de to find any
| >>Trojans, Adware, or Spyware which could clog up your system.
| >>
| >>You may need to create a new account with administrators rights
| >>to see if you can install that program using it. If it works, then we
| >>can transfer your old profile and settings to the new account.
| >>
| >>--
| >>Cheers, Windows XP MVP Shell / User
| >>Jimmy S.
| >>http://mvp.support.microsoft.com
| >>
| >>Game FAQs:
| >>http://support.microsoft.com/default.aspx?scid=FH;[LN];gms
| >>Visit my Zone.com / Gaming Helpsite:
| >>http://nibblesnbits.tk or Call / Contact
| >>MS Support at:
| >>http://support.microsoft.com/default.aspx?scid=sz;en-us;top
| >>My advice is donated "AS IS" without warranty; nor do I confer any rights.
| >>_________________________________________________________
| >>
| >>"Kai Hawatari" <[email protected]> wrote in message
| >>[email protected]...
| >>| Hello. I have a similar problem. I have all 3 stdole
| >>| files, admin privileges, latest drivers for everything
| >>| etc. I also double-checked the 'allow' privileges and it's
| >>| all good.
| >>|
| >>| So what could it be?
| >>|
| >>| (Coincidentally, the game is Max Payne. When loading the
| >>| title screen it gets to 100% then freezes. During and
| >>| after the install I got the ikernel.exe error.)
| >>|
| >>| Also, when I try to access msconfig from the run menu it
| >>| says I don't have admin privileges to access it! I'm SURE
| >>| I have admin privileges. My account is the ONLY account
| >>| that has ever been on this computer...
| >>|
| >>| >-----Original Message-----
| >>| >One of the other MVPs. He's around here when he can be.
| >>| >
| >>| >--
| >>| >Chris H.
| >>| >Microsoft Windows MVP
| >>| >Associate Expert
| >>| >Expert Zone -
| >>| >
| >>| >in message
| >>| >> okay.... who's Jimmy? Or am I being a bit dim?
| >>| >>
| >>| >> >-----Original Message-----
| >>| >> >Perhaps Jimmy would have a suggestion. I'm a bit baffled here.
| >>| >> >--
| >>| >> >Chris H.
| >>| >> >Microsoft Windows MVP
| >>| >> >Associate Expert
| >>| >> >Expert Zone -
| >>| >> >
| >>| >> >"Denise" <[email protected]> wrote in message
| >>| >> >> Hi Chris
| >>| >> >> I have checked and all three of the stdole files are
| >>| >> >> there. Can you think of anything else it could be?
| >>| >> >> Denise
| >>| >> >> >-----Original Message-----
| >>| >> >> >It is probably this issue from the Knowledge Base, Denise:
| >>| >> >> >
| >>| >> >> >http://support.microsoft.com/default.aspx?scid=kb;en-us;810608&Product=winxp
| >>| >> >> >
| >>| >> >> >If it isn't, are you in a Limited account or one with Administrative rights?
| >>| >> >> >The Limited accounts won't be able to install programs or manipulate files
| >>| >> >> >on the hard drive.
| >>| >> >> >--
| >>| >> >> >Chris H.
| >>| >> >> >Microsoft Windows MVP
| >>| >> >> >Associate Expert
| >>| >> >> >Expert Zone -
| >>| >> >> >
| >>| >> >> >"Denise" <[email protected]> wrote in message
| >>| >> >> >> Hi Chris
| >>| >> >> >> Tried that, and it is. Any other ideas?
| >>| >> >> >>
| >>| >> >> >> >-----Original Message-----
| >>| >> >> >> >Check in Control Panel/Administrative Tools/Services and make sure
| >>| >> >> >> >Cryptographic Services is started and running.
| >>| >> >> >> >--
| >>| >> >> >> >Chris H.
| >>| >> >> >> >Microsoft Windows MVP
| >>| >> >> >> >Associate Expert
| >>| >> >> >> >Expert Zone -
| >>| >> >> >> >
| >>| >> >> >> >in message
| >>| >> >> >> >[email protected]...
| >>| >> >> >> >> I had to reinstall "The Sims" and "The Sims Hot
| >>| >> >> >> >> Date". "The Sims" installed and plays just fine but when
| >>| >> >> >> >> I tried to install "The Sims Hot Date" it just gives me
| >>| >> >> >> >> the following error message: 'The InstallShield Engine
| >>| >> >> >> >> (iKernel.exe) could not be installed (0x100000)'
| >>| >> >> >> >>
| >>| >> >> >> >> Both games ran perfectly well on my computer previously
| >>| >> >> >> >> and I don't understand why it won't work now! Can someone
| >>| >> >> >> >> please help?
| >
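
The three start locations reported in this thread (the "Run" and "Runservices" sections of HKEY_LOCAL_MACHINE and the "Run" section of HKEY_CURRENT_USER) can be audited from saved `reg query` output. The following is an added example, not part of the original thread; the full key paths are the standard Windows ones, and the value name `wininit32`, the `ExampleTray` entry and the sample text are constructed for illustration.

```python
import re

# Assumption: the thread names only hive and section; these are the
# standard full autostart key paths for those three locations.
_CV = r"\SOFTWARE\Microsoft\Windows\CurrentVersion"
AUTOSTART_KEYS = {
    (r"HKEY_LOCAL_MACHINE" + _CV + r"\Run").lower(),
    (r"HKEY_LOCAL_MACHINE" + _CV + r"\RunServices").lower(),
    (r"HKEY_CURRENT_USER" + _CV + r"\Run").lower(),
}
INDICATOR = "wininit32"  # file name the thread treats as a sign of infection

# A value line is indented: <name> <REG_type> <data>; separators may be
# runs of spaces or tabs depending on the reg.exe version.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["data"]

def find_suspect_autostarts(text, indicator=INDICATOR):
    """Return autostart entries whose name or command mentions the indicator."""
    needle = indicator.lower()
    return [
        (key, name, data)
        for key, name, data in parse_reg_query(text)
        if key.lower() in AUTOSTART_KEYS
        and (needle in name.lower() or needle in data.lower())
    ]

# Constructed sample modelled on the Startup Manager listing in the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    wininit32    REG_SZ    wininit.exe -drivers
    ExampleTray    REG_SZ    C:\Program Files\Example\tray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    wininit32    REG_SZ    wininit.exe -drivers

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    wininit32    REG_SZ    wininit.exe -drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Example
    note    REG_SZ    wininit32 mentioned outside an autostart key
"""

if __name__ == "__main__":
    for key, name, data in find_suspect_autostarts(SAMPLE):
        print(f"{key}: {name} -> {data}")
```

Matching on the value name as well as the command matters here, because the command line in the listing reads `wininit.exe -drivers` while the file on disk is `wininit32.exe`.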