Does this funny-looking win.ini entry look legitimate?

Discussion in 'backup, imaging & disk mgmt' started by HandsOff, Jul 11, 2005.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi -

    I will begin by saying I really don't know much about win.ini, or any part of the system configuration editor. I sort of just hope they are an insignificant carryover to XP from older Windows versions and avoid looking at them... However, I did look and it just looks bad to me. Here is a copy made using a text editor. I am having particular doubts about the last line of it.

    ; for 16-bit app support
    [fonts]
    [extensions]
    [mci extensions]
    [files]
    [Mail]
    MAPI=1
    [MCI Extensions.BAK]
    wax=MPEGVideo2
    wma=MPEGVideo2
    wmp=MPEGVideo2
    [LILACports]
    EPS_LPT1:=
    EPS_LPT2:=
    EPS_LPT3:=
    [KPT WINDOWS 2]
    C_VM=1
    C_PS=1
    C_MM=0
    RATS=‹Œˆä…Á€€ƒ


    The above seemed weird, but I noticed that it is not the same as what you see on the screen (compare with the snapshot attachment).

    I did a quick Google but did not see anything understandable to me.

    I am not sure how long it might take me to come up with an answer, so I am asking. BTW, I am annoyed by the fact that the context menu (right-click) sometimes takes way too long, and the internet is showing some slowness as well. I have a lot more software loaded than usual, with more planned, so it could just be that my computer is sagging under the extra weight.


    Thanks for any insights on this one.

    - HandsOff
     

    Attached Files:
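An added example, not code from this thread or from any of its posters, showing what a defender would do with a listing like the one above: read win.ini byte by byte (decoding it first would hide exactly the odd bytes in question) and flag two things, values containing bytes outside printable ASCII, such as the RATS= line, and the legacy [windows] run= and load= autostart keys, which are the win.ini lines HijackThis reports as F1 items. The sample input is constructed here: the listing quoted in the post, with the RATS value re-encoded as cp1252 bytes (an assumption about how the text editor rendered it) and a [windows] run= line added to exercise the second check.

```python
"""Flag win.ini entries worth a closer look (added example, not from the thread)."""
import re

# Constructed sample: the win.ini quoted in the post, with the RATS value
# re-encoded as cp1252 bytes (an assumption about what the editor displayed),
# plus a [windows] run= line added here to exercise the autostart check.
SAMPLE_WIN_INI = (
    b"; for 16-bit app support\r\n"
    b"[fonts]\r\n"
    b"[extensions]\r\n"
    b"[mci extensions]\r\n"
    b"[files]\r\n"
    b"[Mail]\r\n"
    b"MAPI=1\r\n"
    b"[MCI Extensions.BAK]\r\n"
    b"wax=MPEGVideo2\r\n"
    b"wma=MPEGVideo2\r\n"
    b"wmp=MPEGVideo2\r\n"
    b"[LILACports]\r\n"
    b"EPS_LPT1:=\r\n"
    b"EPS_LPT2:=\r\n"
    b"EPS_LPT3:=\r\n"
    b"[KPT WINDOWS 2]\r\n"
    b"C_VM=1\r\n"
    b"C_PS=1\r\n"
    b"C_MM=0\r\n"
    b"RATS=" + "‹Œˆä…Á€€ƒ".encode("cp1252") + b"\r\n"
    b"[windows]\r\n"
    b"run=C:\\EXAMPLE\\UNKNOWN.EXE\r\n"  # constructed autostart line, not from the post
)

# Anything outside the printable ASCII range 0x20..0x7E.
NON_PRINTABLE = re.compile(rb"[^\x20-\x7e]")
# Legacy autostart keys in the [windows] section of win.ini.
AUTOSTART_KEYS = {"run", "load"}


def parse_ini(data: bytes):
    """Yield (section, key, raw_value_bytes) for a win.ini-style file.

    Deliberately byte-based: win.ini is an ANSI file, and the value is kept as
    raw bytes so that non-text content survives for inspection. Lines without
    an '=' are skipped; section and key names are decoded leniently.
    """
    section = None
    for raw_line in data.splitlines():
        line = raw_line.strip()
        if not line or line.startswith(b";"):
            continue
        if line.startswith(b"[") and line.endswith(b"]"):
            section = line[1:-1].decode("ascii", "replace")
            continue
        if b"=" in line:
            key, value = line.split(b"=", 1)
            yield section, key.strip().decode("ascii", "replace"), value.strip()


def scan_win_ini(data: bytes):
    """Return a list of findings, each a dict with section, key, hex value and reasons."""
    findings = []
    for section, key, value in parse_ini(data):
        reasons = []
        if NON_PRINTABLE.search(value):
            reasons.append("value contains non-printable or high-bit bytes")
        if (section or "").lower() == "windows" and key.lower() in AUTOSTART_KEYS and value:
            reasons.append("legacy autostart key (win.ini run=/load=)")
        if reasons:
            findings.append({
                "section": section,
                "key": key,
                "value_hex": value.hex(" "),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in scan_win_ini(SAMPLE_WIN_INI):
        print(f"[{f['section']}] {f['key']}= ({f['value_hex']}): {', '.join(f['reasons'])}")
```

A hit is a triage pointer, not a verdict: some third-party software writes its settings in a packed binary form, so the next step is to identify which product owns that section (here the KPT plugin) and compare the value against a known-good installation or an older copy of the file; the run= and load= lines, by contrast, name programs that start with Windows and should always be accounted for.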

  2. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Oh, and, I got this when I ran sysedit:


    Notice that my system partition is K:, not C:

    Unfortunately I don't seem to find it on either partition.


    - HandsOff
     

    Attached Files:

    Last edited: Jul 11, 2005
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    That in itself is not cause for concern... even Win98 does not have to have a config.sys. Since I do not have a config.sys on this Win98 SE workstation... I receive that same message.

    The odd looking RATS entry in your win.ini does deserve discussion :doubt:
     
  4. hadi

    hadi Guest

    Hi
    That is caused when the right-click list is long or it has some non-standard items.
    Use this editor to remove them:
    http://www.snapfiles.com/get/contextmenueditor.html
    Regarding RATS: I have a mouse here!! (just kidding). I don't have that entry.
     
  5. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hello Bubba -

    Sorry, I must have had a blonde moment... I typed in sysedit instead of msconfig. On the plus side, I guess I never really do forget anything, even obsolete information.

    This is the view from msconfig, and it gets a little closer to the truth, perhaps.

    - HandsOff
     

    Attached Files:

  6. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi Hadi,

    As usual, your comments are helpful. I don't consider my context menu excessive, but then, I'm not sure what would be excessive and what not.

    Aside from the stock items, I have:

    NAV
    Trojan Hunter
    WinRAR
    MP3tagedit

    I love the context menu access as a rule; however, I see that I have what looks like a wrong WinRAR option... to add to a particular (not generic) archive... How did I do that? The archive may not even exist anymore! Plus "extract here" and "add to archive" are the only ones I need. Maybe that is the problem?

    On to the KPT entry. This probably refers to Kai's Power Tools, a set of very cool Photoshop plugins. I have noticed that KPT has entries in the system folder. I assume some sort of DLL to make video handling work, but who knows. KPT was very advanced for its era (circa 1999). Maybe such entries are no longer needed.
     
  7. hadi

    hadi Guest

    Or it could be NAV.
    For WinRAR:
    Open WinRAR > Options > Settings > Integration tab, untick items under "Shell integration" and under "Interface" if you like > click OK.
     
  8. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Hi there HandsOff

    Regarding the strange entry in win.ini that you mention: there is a particular class of trojan called a RAT (remote access trojan) that does create entries in win.ini on infected machines, dependent on the OS. In light of the garbled text associated with the RATS entry, this is definitely something that needs further investigation. I have also noticed an increasing number of infections incurred through infected .rar files, and this is possibly related to your comment on WinRAR. Can you tell me what OS you are running please? You may like to consider posting a HJT log at one of the forums that deal with them, such as:

    GeekstoGo

    TomCoyote

    bleeping computer

    While all 3 of these forums will provide a great service, I am on the HJT Staff at GeekstoGo and will happily have a look at a log for you if you make a post there.

    HDRiderUK
     
  9. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi Hadi -

    I suppose it could be NAV, but I use the feature too much to see it go. I did notice one more menu choice that I overlooked: "Shred with Bleach". Pretty sure that is Windows Washer, and it is not a feature that I use, so I will work on removing that.


    To HD Rider - Is your handle related to the music group(s) NB Ridaz / NB Riders? It just has a familiar ring to it. Oh yeah, my RAT thing. My OS is the ubiquitous Windows Home Edition. I appreciate your offer to look at my HJT log and I will go to GeekstoGo too after posting this.

    There is definitely something odd here. I have seen something like that scrawl and been told it had to do with a device signature or something, but its location in the win.ini (KPT) seems out of place. I have included a log from about 3 or 4 months ago. The differences seem to confirm that understanding win.ini is out of the question. Notice the strange entry that looks crazy. Somehow it went away, along with some other stuff. I am going to do a CHKDSK for the fun of it, then will do the HJT.


    - Thanks for the help everyone! - HandsOff
     

    Attached Files:

  10. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Hiya

    Nope, my nick is related to the fact that I ride a Harley and live in the UK :D

    Thanks for the info on your OS. I asked that because the nasty which I thought you may be infected with creates an entry in win.ini, but only on Win95 to 98 systems; it doesn't do it on XP. Ah well, back to the drawing board.

    If you do post a log on GTG, send me a PM to let me know. On GtG, my nick is UKBiker.

    HDRiderUK
     
  11. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    I have the 'device2' entry as well - totally not understandable.

    I've run HijackThis, and it appears my PC is clean. So I don't think you need to worry about 'device2'.
     
  12. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi Firecat-

    That one disappeared anyway; the other one seems odd. The world seems odd.

    HD - I had something come up but am posting the HJT log as soon as I copy the info from this thread.


    - HandsOff
     
  13. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Hi there HandsOff

    I just checked at GtG, and I cannot find your post there. Are you sure that you managed to post the log? If you would like to provide a link to it, either here or via PM to me, I will check it straight away. If you are having problems posting a log, let me know and I will walk you through the process.

    HDRiderUK
     
  14. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi HDR-

    I did post it, but I did not see the log come up. I saw that there were a number of "before you post" steps. Do you really need to run Ad-Aware and Ewido? I use Spybot and Trojan Hunter, and doubt I will have much different results using the ones suggested.

    This is the only forum that I post to on a regular basis, so I am not too familiar with the ins and outs of posting. My name on that forum is also HandsOff. I did not see how to PM you there. For some reason I just go blind when it comes to reading menus and finding stuff on web forms and web pages. It can be right in front of me and still I won't see it. Sometimes it's because I have animations deactivated at the browser level, and Flash deactivated, lots of ad blocking and so on. Anyway, not sure how to proceed. I am beginning to think I just have some garden-variety software conflicts. I have trialed Ewido, Giant, and TD3 before purchasing Trojan Hunter. Within the last couple of months I trialed Webroot's SpySweeper, and regularly run Spybot S&D and CWShredder, and have been all clean. Controversy aside, I hear Ad-Aware is much improved.

    ...So, I think I will go ahead and install and run it (Ad-Aware free version). I would just as soon install and run A^2 since it is free and might be a good backup program. I don't remember what the Ewido usage is. Do they have a free version? Well, guess I will find out!


    - HandsOff
     