Hi Everyone,

I got this morning an alert in TDS3: File has changed: C:\Windows\win.ini

Can pls. someone explain to me what this means?? What could have been changed in wini.ini and is there something "special" I have to look for????? I'm kinda "suspicious" as Outlook Express tried to connect to ZDNet this morning.

Thanks!

Hi Marianna,
It surely sounds like something installed new on your system, but it still doesn't need to say that is the fact.
Do a full System Scan with everything checked and highest sensitivity for the worm detection, and see if something comes out.
When i look in my netstat while reading emails i see connections and unfortunately some popups from advertisers. ZDNet might be among them, not that i really remember.
If you're fully patched and updated in IE and Windows, firewall up....... in the worst case you immediately close the connection and do your scans.
Please keep us updated about possible finds, so we can help you further.

Hi Jooske,

thanks.....I didn't install anything new. I did the full scan and nothing showed up - also a scan at Housecall didn't show anything....strange..... I wonder WHY TDS3 alerted me.......was it a coincidence with Outlook Express trying to contact ZDNet?? *Wonder here also WHY .....Yup, there are many pop-ups at ZDNet, I "killed" most of them.

Do you have any idea WHERE to look in the wini.ini for a "change" I *looked in win.ini everything seems to be "normal"to me.

Thanks for your time!

Hey Marianna,

The most critical areas to look at are the

load=
run=

statements. If you see anything there set to "load" or "run" I would pay particular attention to the programs indicated there.

Hope this helps

Hi Dan,

thanks for your reply!

I'll keep an eye on load \ run!

Thanks again!

Marianna - I had one of those, too, awhile back.

Unlike you, though, I d/l stuff to try out constantly, so as soon as I got the alert that morning I did a full, in-depth, all extensions, both drives, maximum sensitivity scan with TDS, The Cleaner, Tauscan, NOD32, AVG, eTrustAV, SpyCop - then I followed that up by running the Trojan Assistance Pack from rmbox.

Everything came out clean, so I just chalked it up to either a false alert or the OS (WinMe) itself having a fit. Pete

Hi Pete,

thanks *:-*

I just ignored it after I couldn't find anything - I have WinMe too - but on the other hand it's still a bit "strange". I took the checkmarks out of "load" and "run" a while ago - so nothing was in there.
Well, one of those nice "mysteries" !

Glad you had the same "experience" - now I don't feel so "alone" LOL