Why does CWShredder tell me this....

Discussion in 'other anti-malware software' started by HandsOff, May 25, 2004.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Why does CWShredder mention the following lines?

    Found Win.ini file: C:\WINDOWS\win.ini (705 bytes, -)
    Found System.ini file: C:\WINDOWS\system.ini (254 bytes, -)


    I ask because I assume it is supposed to either reassure me or warn me...maybe if the values are out of some unknown range?

    Maybe it's bad or good if the files exist?

    Maybe they should exist, but only in some certain directory?

    I have XP-Home edition. I think in older Windows these files would be located somewhere else, is that what this is trying to say...in other words, watch out if they are in your root directory?

    Or...were they actually included for no reason at all!?!?!

    -HandsOff
     
  2. Nick

    Nick Registered Member

    Joined:
    May 14, 2002
    Posts:
    187
    Location:
    California
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Since you asked CWS to Scan only....it is pretty much as you described...."either reassure me or warn me...maybe if the values are out of some unknown range?". Among the many places malware can sneak in and cause damage are the files you referenced....System.ini\Win.ini and in particular System.ini---shell= and Win.ini....Load=\Run= whereby they are modified to hook into system startup.

    *Malware tricks to load trojans for example*
    System.ini----Shell = “Explorer.exe %System%\netdc.exe
    Win.ini----"run" = %WinDir%\dllreg.exe

    Bubba
     
  4. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Ah! I begin to see, I guess I would have to look at it...maybe I should...and see what is inside. For what it is worth this is what's in them. Doesn't really tell me anything. I have no reason to suspect anything wrong, I just wanted to know if there was some special thing to look for, like when it says if value is 2...but I guess not.

    SYS.INI
    ; for 16-bit app support
    [drivers]
    wave=mmdrv.dll
    timer=timer.drv
    [mci]
    [driver32]
    [386enh]
    woafont=dosapp.FON
    EGA80WOA.FON=EGA80WOA.FON
    EGA40WOA.FON=EGA40WOA.FON
    CGA80WOA.FON=CGA80WOA.FON
    CGA40WOA.FON=CGA40WOA.FON
    [Macx]
    DeviceBitmaps=OFF

    WIN.INI
    ; for 16-bit app support
    [fonts]
    [extensions]
    [mci extensions]
    [files]
    [Mail]
    MAPI=1
    MAPIX=1
    [MCI Extensions.BAK]
    aif=MPEGVideo
    aifc=MPEGVideo
    aiff=MPEGVideo
    asf=MPEGVideo2
    asx=MPEGVideo2
    au=MPEGVideo
    ivf=MPEGVideo2
    m1v=MPEGVideo
    m3u=MPEGVideo2
    mp2=MPEGVideo
    mp2v=MPEGVideo
    mp3=MPEGVideo2
    mpa=MPEGVideo
    mpe=MPEGVideo
    mpeg=MPEGVideo
    mpg=MPEGVideo
    mpv2=MPEGVideo
    snd=MPEGVideo
    wax=MPEGVideo2
    wm=MPEGVideo2
    wma=MPEGVideo2
    wmp=MPEGVideo2
    wmv=MPEGVideo2
    wmx=MPEGVideo2
    wvx=MPEGVideo2
    wpl=MPEGVideo
    [LILACports]
    EPS_LPT1:=
    EPS_LPT2:=
    EPS_LPT3:=
    [embedding]
    Textart7.Document=
    [drawdib]
    vga.drv 1024x768x32(BGR 0)=1,5,1,5
    [Mach]
    devicebitmap=off
    [SciCalc]
    layout=0
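
The check discussed in this thread (shell= in System.ini, Load=/Run= in Win.ini) can be scripted. The following is an added example, not part of any post and not CWShredder's own logic; the `[boot]` and `[windows]` section names and the plain `explorer.exe` baseline are assumptions of the example, and the sample file contents are constructed from the lines quoted above.

```python
# Added example: flag startup hooks in system.ini / win.ini text.
# Watched keys follow the reply above (shell=, load=, run=); the [boot] and
# [windows] section names and the "explorer.exe" baseline are assumptions.
WATCHED = {
    "system.ini": {("boot", "shell")},
    "win.ini": {("windows", "load"), ("windows", "run")},
}
BASELINE_SHELL = "explorer.exe"


def parse_ini(text):
    """Yield (section, key, value), lower-casing section and key names."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, _, value = line.partition("=")
            yield section, key.strip().lower(), value.strip()


def startup_findings(filename, text):
    """Return 'file [section] key=value' strings that deserve a closer look."""
    findings = []
    for section, key, value in parse_ini(text):
        if (section, key) not in WATCHED[filename.lower()]:
            continue
        cleaned = value.strip('"“” ')
        if not cleaned:
            continue  # an empty load=/run= starts nothing
        if key == "shell" and cleaned.lower() == BASELINE_SHELL:
            continue  # only the expected shell, nothing appended to it
        findings.append(f"{filename} [{section}] {key}={value}")
    return findings


# Constructed samples: a trimmed copy of the clean system.ini posted above,
# and two files modified the way the reply describes.
CLEAN_SYSTEM_INI = "; for 16-bit app support\n[drivers]\nwave=mmdrv.dll\n[386enh]\nwoafont=dosapp.FON\n"
HOOKED_SYSTEM_INI = "[boot]\nShell=Explorer.exe %System%\\netdc.exe\n"
HOOKED_WIN_INI = "[windows]\nload=\nrun=%WinDir%\\dllreg.exe\n[Mail]\nMAPI=1\n"

if __name__ == "__main__":
    for name, text in [("system.ini", CLEAN_SYSTEM_INI),
                       ("system.ini", HOOKED_SYSTEM_INI),
                       ("win.ini", HOOKED_WIN_INI)]:
        print(name, startup_findings(name, text) or "no startup entries")
```

Files like the two posted above, which contain no shell=, load= or run= lines at all, produce no findings.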
     