dcom exploit rpc- winit.exe--- it keeps returning- how to stop it?
Posted on 2004-10-08
recently i noticed the file 'winit.exe' asked Zone Alarm for permission to enter the internet. I gave it a -yes. but that file bothered me. a little while later, i decided to check for trojans and it discovered a trojan in memory- dcom exploit rpc. I deleted it. then i took my av and double checked everything. i looked at win updates and nothing was needed. so i was satisfied.
i also took the precaution of zone alarm- not allowing winit.exe to enter the internet. so i thought i covered everything.
wrong- a day later- i looked at my registry this morning and saw winit.exe was still in the registry, i deleted it. so i did a registry scan for the words - winit.exe and found 7 places it existed. it was located in 'RunServices' which i deleted yesterday. 4 places it was located in the spy programs (possibly as a cautionary description) and the other two places was located in MS\OLE directory.
i will now delete the 'Run Services' and reboot- but i am sure it will return.
what am i overlooking?