03.09.08
What is WinInit.exe?
So I was browsing Task Manager on my Vista box as Admin (Show all users processes) and I noticed wininit.exe. This file has that "virus ring" to it, so I decided to check it out. I'm positive my system hasn't been infected with anything, but there's never harm in checking. I did some searching and the first two results on Google are:
- PCHell - WinInit.exe == Bymer Trojan.
- liutilities - WinInit.exe == WOLLF.16 Virus
Interesting... I don't know how this got here, but let's kill it. Click on wininit.exe, click end process, blue screen. That's right... blue screen. Apparently wininit.exe is a crucial system file in Vista and shouldn't be killed by anyone, yet the administrator can kill it and easily blue screen the system. This probably shouldn't happen, and it's most likely something Microsoft should consider looking into... no user should be able to end task a single process and blue screen the system... not even the Administrator... I'd probably label this as a vulnerability, but I'm sure Microsoft sees it as a stability issue. This would be similar to lsass.exe on Windows XP with the nice pop-up that says, 'This is a critical system process... Task Manager cannot terminate this process' (or something similar).
So end result:
Running Vista:
WinInit.exe is a system critical process, even though some malware scanners identify it as a bad apple. This file should exist in C:\Windows\system32 (or more accurately - %windir%\system32)
Details (Windows Vista Home Premium) as of Today:
File Description: Windows Start-Up Application
File Version: 6.0.6000.16386
MD5: D4385B03E8CCCEE6F0EE249F827C1F3E
Pre-Vista Windows:
Trust your AntiMalware Software.
Anyone with other versions of Windows... see if your wininit.exe is the same (I'm assuming they all are, but if it's different, please post the version of Vista and the MD5 hash). Thanks.
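
The filename alone says nothing about whether a wininit.exe is the Windows one, so the useful check is the image path, version details and hash listed above. The following PowerShell script is an added example, not part of the original post. It assumes PowerShell 4 or later and an elevated prompt, and the function name `Get-ImageReport` is made up for illustration:

```powershell
# Added example: report on every running wininit.exe and on the expected system copy.
$expected   = Join-Path $env:windir 'System32\wininit.exe'
# Reference values quoted in the post (Vista Home Premium); other builds will differ.
$refVersion = '6.0.6000.16386'
$refMd5     = 'D4385B03E8CCCEE6F0EE249F827C1F3E'

function Get-ImageReport {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $vi   = $item.VersionInfo
    # Older PowerShell releases may report catalog-signed system files as NotSigned.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $ver  = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                 $vi.FileBuildPart, $vi.FilePrivatePart
    $md5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    [pscustomobject]@{
        Path        = $item.FullName
        InSystem32  = $item.FullName -ieq $expected   # case-insensitive path compare
        Description = $vi.FileDescription
        Version     = $ver
        MD5         = $md5
        MatchesPost = ($ver -eq $refVersion) -and ($md5 -eq $refMd5)
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
    }
}

# Collect the image path of each running process named wininit.exe.
$paths = @(Get-CimInstance Win32_Process -Filter "Name = 'wininit.exe'" |
    ForEach-Object {
        if ($_.ExecutablePath) { $_.ExecutablePath }
        else { Write-Warning "PID $($_.ProcessId): image path not readable; rerun elevated." }
    })

# Also report on the on-disk system copy, even if no process path was readable.
if (Test-Path -LiteralPath $expected) { $paths += $expected }

foreach ($p in ($paths | Sort-Object -Unique)) {
    $report = Get-ImageReport -Path $p
    if (-not $report.InSystem32) {
        Write-Warning "wininit.exe found outside System32: $($report.Path)"
    }
    $report
}
```

`MatchesPost` will be false on any build other than the one listed above; the path check and the version and hash output are the parts to compare across machines.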
