Comments on: What is WinInit.exe? http://www.computerdefense.org/2008/03/what-is-wininitexe/ Sharing my thoughts with the world. Wed, 16 Nov 2011 02:58:20 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Think Deeper http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-180848 Think Deeper Fri, 24 Dec 2010 23:46:52 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-180848 Oh shortsighted ones -- Any process that even the administrator cannot kill makes for the perfect file for a virus to infect or replace. Successful infection/replacement would make the virus invulnerable to anti-virus trying to stop and delete it. What you are actually working your way towards but have not yet "discovered" is...there is a damn good reason that even Microsoft strongly recommends that you do NOT run Windows under administrator account privileges. But Windows yields to "the customer is always right" complaints that a default account that is not administrator inconveniences customers by requiring extra clicks and knowing a password to install software. Yes as a group Windows customers demand convenience over security. And your half-thought out suggestion to make all system processes invulnerable while the OS is running is just another "make things more convenient regardless of overall security implications". However in this case some of you do circle around a good idea without making it your main point. WININIT.EXE should not have been important enough to crash the OS. Heck it probably should not even be running unless an special install or uninstall has requested its services. That is MS needs to comb through system processes that should not be critical and make sure ending those processes is unlikely to crash or result in severe system impact. Even some of the truly important but abortable processes should be examined to see if warnings or further system action to produce a graceful emergency shutdown can be created. Why are some process immune to termination? Much of that is because there is no way to continue without immediate crash or bluescreen -- and not just as a domino side effect. These are the most basic sections of what runs your programs and presents a user interface. If you could stop these processes your OS could not do anything useful. So the immunity is not intended to protect the less technical user from aborting the wrong processes, Oh shortsighted ones — Any process that even the
administrator cannot kill makes for the perfect file for a virus to
infect or replace. Successful infection/replacement would make the
virus invulnerable to anti-virus trying to stop and delete it. What
you are actually working your way towards but have not yet
“discovered” is…there is a damn good reason
that even Microsoft strongly recommends that you do NOT run Windows
under administrator account privileges. But Windows yields to
“the customer is always right” complaints that a
default account that is not administrator inconveniences customers
by requiring extra clicks and knowing a password to install
software. Yes as a group Windows customers demand convenience over
security. And your half-thought out suggestion to make all system
processes invulnerable while the OS is running is just another
“make things more convenient regardless of overall
security implications”. However in this case some of you
do circle around a good idea without making it your main point.
WININIT.EXE should not have been important enough to crash the OS.
Heck it probably should not even be running unless an special
install or uninstall has requested its services. That is MS needs
to comb through system processes that should not be critical and
make sure ending those processes is unlikely to crash or result in
severe system impact. Even some of the truly important but
abortable processes should be examined to see if warnings or
further system action to produce a graceful emergency shutdown can
be created. Why are some process immune to termination? Much of
that is because there is no way to continue without immediate crash
or bluescreen — and not just as a domino side effect. These are
the most basic sections of what runs your programs and presents a
user interface. If you could stop these processes your OS could not
do anything useful. So the immunity is not intended to protect the
less technical user from aborting the wrong processes,

]]> By: Guest http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-158564 Guest Wed, 19 May 2010 00:12:59 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-158564 @Greg +1 nothing pisses me off more than that annoying box telling me a process cannot be terminated. ProcExp fixed a lot of that crap, but a many still exist. Meanwhile, access denied error boxes keep allowing this crap to bloat my system when i wanna get every possible fps. yaaaaaayyy @Greg
+1

nothing pisses me off more than that annoying box telling me a process cannot be terminated.
ProcExp fixed a lot of that crap, but a many still exist. Meanwhile, access denied error boxes keep allowing this crap to bloat my system when i wanna get every possible fps. yaaaaaayyy

]]> By: Greg http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-124064 Greg Fri, 27 Nov 2009 18:36:50 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-124064 I believe an administrator should be able to kill such a service should they want to. However, perhaps a warning should popup bringing the potential outcome of the action to the administrators attention. Someone mentioned it being in Windows Server 2008 for example. Server OSs in particular should not place anyone, even an administrator in such a situation without a warning. Such crashs can be damaging to a business, and an admins employment status. I believe an administrator should be able to kill such a service should they want to.
However, perhaps a warning should popup bringing the potential outcome of the action to the administrators attention. Someone mentioned it being in Windows Server 2008 for example. Server OSs in particular should not place anyone, even an administrator in such a situation without a warning. Such crashs can be damaging to a business, and an admins employment status.

]]> By: Bill Pytlovany http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-77531 Bill Pytlovany Tue, 20 Jan 2009 09:10:04 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-77531 WinInit.exe is a carry over from a Win9x scheme that was used on startup. WinInit.exe runs and looks for a file called WinInit.INI. If its found, it processes the commands found in this file. <br /> The type of command is pretty limited to <br /> NUL= path or <br /> REN= pathname1, pathname2 which are used to either delete or renamed files on boot up. <br /> <br /> The purpose of this scheme was to allow setup programs and uninstallers do their housekeeping. <br /> For instance, if you wanted to replace a system file that was in use, you could put a rename command in WinInit.ini to replace the file before it was loaded by Windows on your reboot. It also allows uninstaller to remove themselves after they're done. <br /> <br /> Once WinInit.exe processes the file, it renames WinInit.INI to WinInit.BAK so anyone with a Win9x system and check their last WinInit process. <br /> <br /> WinPatrol actually alerts Win9x users to the creation of a WinInit.INI file. <br /> <br /> Newer versions of Windows now use a key in the registry. <br /> "...ControlSession ManagerPendingFileRenameOperations" <br /> <br /> Bill <br /> WinInit.exe is a carry over from a Win9x scheme that was used on startup. WinInit.exe runs and looks for a file called WinInit.INI. If its found, it processes the commands found in this file.
The type of command is pretty limited to
NUL= path or
REN= pathname1, pathname2 which are used to either delete or renamed files on boot up.

The purpose of this scheme was to allow setup programs and uninstallers do their housekeeping.
For instance, if you wanted to replace a system file that was in use, you could put a rename command in WinInit.ini to replace the file before it was loaded by Windows on your reboot. It also allows uninstaller to remove themselves after they're done.

Once WinInit.exe processes the file, it renames WinInit.INI to WinInit.BAK so anyone with a Win9x system and check their last WinInit process.

WinPatrol actually alerts Win9x users to the creation of a WinInit.INI file.

Newer versions of Windows now use a key in the registry.
"…ControlSession ManagerPendingFileRenameOperations"

Bill

]]> By: JustSomeGuy http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-77528 JustSomeGuy Tue, 20 Jan 2009 09:10:04 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-77528 Hi, <br /> <br /> Wow... so you want Windows to PREVENT you from killing a process if it is going to cause stability issues? Are you retarded? That's exactly what's wrong with Windows in the FIRST place - lack of granular control. <br /> <br /> Stop encouraging Microsoft from thinking they know better than the sys-admin you douchebag. <br /> <br /> Hi,

Wow… so you want Windows to PREVENT you from killing a process if it is going to cause stability issues? Are you retarded? That's exactly what's wrong with Windows in the FIRST place – lack of granular control.

Stop encouraging Microsoft from thinking they know better than the sys-admin you douchebag.

]]> By: PCCSI http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-77534 PCCSI Tue, 20 Jan 2009 09:10:04 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-77534 You can basically see the MOI here: <br /> <a href="http://support.microsoft.com/kb/140570 ">http://support.microsoft.com/kb/140570 </a><br /> <br /> What I want to know is - why a legit wininit.exe is maintaining a listening TCP connection, as verified by TCPView? <br /> <br /> Bill P? You can basically see the MOI here:
http://support.microsoft.com/kb/140570

What I want to know is – why a legit wininit.exe is maintaining a listening TCP connection, as verified by TCPView?

Bill P?

]]> By: JustSomeGuy http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-77533 JustSomeGuy Tue, 20 Jan 2009 09:10:04 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-77533 does that mean you don't want a sys admin to be able to.. oh.. i don't know... install drivers? <br /> <br /> A sys admin is always going to have the ability to crash a system. it's why companies [try to] hire competent sysadmins. does that mean you don't want a sys admin to be able to.. oh.. i don't know… install drivers?

A sys admin is always going to have the ability to crash a system. it's why companies [try to] hire competent sysadmins.

]]> By: Will Hughes http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-77532 Will Hughes Tue, 20 Jan 2009 09:10:04 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-77532 Not sure whether you want Windows Server 2008 too, but this also has wininit.exe <br /> <br /> Windows Server 2008 64bit (RTM - x64) <br /> wininit.exe 101ba3ea053480bb5d957ef37c06b5ed <br /> <br /> (I havn't got a 32bit install of WS2008, sorry) Not sure whether you want Windows Server 2008 too, but this also has wininit.exe

Windows Server 2008 64bit (RTM – x64)
wininit.exe 101ba3ea053480bb5d957ef37c06b5ed

(I havn't got a 32bit install of WS2008, sorry)

]]> By: Gema http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-77487 Gema Mon, 19 Jan 2009 14:20:07 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-77487 Basically, it depends where the file is. If it is in the correct directory, then its safe. What virus programmers, have done recently however, is to name their virus wininit.exe, and put it somewhere else. This fools the virus scanner into thinking that it is a legitimate windows file. Basically, it depends where the file is. If it is in the correct directory, then its safe. What virus programmers, have done recently however, is to name their virus wininit.exe, and put it somewhere else. This fools the virus scanner into thinking that it is a legitimate windows file.

]]> By: Kinez http://www.computerdefense.org/2008/03/what-is-wininitexe/comment-page-1/#comment-77488 Kinez Mon, 19 Jan 2009 14:20:07 +0000 http://www.computerdefense.org/2008/03/09/what-is-wininitexe/#comment-77488 My problem is when i try to shut my computer down. I get an end program warning and i have to hit the 'end program' button before my computer will continue shutting down. When i looked into the details it said it was this 'wininit.exe'. so i look for it under processes in my task manager and i have the ability to end the process, but a warning comes up. I don't know what to do about the stupid pop up when i try to shut down though. It is annoying when i hit shut down and turn my monitor off, i expect it to shut down, not just stop everything until i click a button. Oh, i have an XP if that is important. Help? My problem is when i try to shut my computer down. I get an end program warning and i have to hit the 'end program' button before my computer will continue shutting down. When i looked into the details it said it was this 'wininit.exe'. so i look for it under processes in my task manager and i have the ability to end the process, but a warning comes up. I don't know what to do about the stupid pop up when i try to shut down though. It is annoying when i hit shut down and turn my monitor off, i expect it to shut down, not just stop everything until i click a button. Oh, i have an XP if that is important. Help?

]]>