"wintis32.exe", what is it?

Toggle sidebar Toggle sidebar
K

Kenny

Distinguished
Feb 9, 2001
379
0
18,780
Archived from groups: microsoft.public.windowsxp.basics (More info?)

Zone Alarm continually tells me "wintis32.exe" is trying to access the
internet, I always deny it access.
Searching PC for this file, it is hidden and located in:
C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
I have deleted it from there but it comes back after a restart!
Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
The IP address it points to is:
195.92.195.94:DNS, I have tried "Whois" on that but don't really understand
it and came up with nothing.
Googling it only came up with this:
http://www.google.co.uk/search?q=wintis32.exe&hl=en
which appear to be forum posts in Spanish and I can't understand them.
Have also searched MS site, nothing there.
I am very suspicious of this, would like to know what it is and how to stop
it coming back after deletion.
Using XP Pro with SP2.
Any help appreciated.

--

Kenny Cargill
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.basics (More info?)

Hi Kenny,

If it looks like a duck, and acts like a duck......

Yes, it's a nasty. Clear the temp folder completely, and also the Temporary
Internet Files. Then restart the system in Safe mode, follow the steps
outlined here: http://rickrogers.org/fixes.htm#trojan

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"Kenny" <me@privacy.net> wrote in message
news:el%23yzt%23RFHA.688@TK2MSFTNGP10.phx.gbl...
> Zone Alarm continually tells me "wintis32.exe" is trying to access the
> internet, I always deny it access.
> Searching PC for this file, it is hidden and located in:
> C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
> I have deleted it from there but it comes back after a restart!
> Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
> The IP address it points to is:
> 195.92.195.94:DNS, I have tried "Whois" on that but don't really
> understand it and came up with nothing.
> Googling it only came up with this:
> http://www.google.co.uk/search?q=wintis32.exe&hl=en
> which appear to be forum posts in Spanish and I can't understand them.
> Have also searched MS site, nothing there.
> I am very suspicious of this, would like to know what it is and how to
> stop it coming back after deletion.
> Using XP Pro with SP2.
> Any help appreciated.
>
> --
>
> Kenny Cargill
>
>
>
 
K

Kenny

Distinguished
Feb 9, 2001
379
0
18,780
Archived from groups: microsoft.public.windowsxp.basics (More info?)

Thanks for the reply, have followed your advice and it appears to be gone.

--

Kenny Cargill


"Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
news:uSyW%23%23%23RFHA.3732@tk2msftngp13.phx.gbl...
> Hi Kenny,
>
> If it looks like a duck, and acts like a duck......
>
> Yes, it's a nasty. Clear the temp folder completely, and also the
> Temporary Internet Files. Then restart the system in Safe mode, follow the
> steps outlined here: http://rickrogers.org/fixes.htm#trojan
>
> --
> Best of Luck,
>
> Rick Rogers, aka "Nutcase" - Microsoft MVP
> http://mvp.support.microsoft.com/
> Associate Expert - WindowsXP Expert Zone
> www.microsoft.com/windowsxp/expertzone
> Windows help - www.rickrogers.org
>
> "Kenny" <me@privacy.net> wrote in message
> news:el%23yzt%23RFHA.688@TK2MSFTNGP10.phx.gbl...
>> Zone Alarm continually tells me "wintis32.exe" is trying to access the
>> internet, I always deny it access.
>> Searching PC for this file, it is hidden and located in:
>> C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
>> I have deleted it from there but it comes back after a restart!
>> Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
>> The IP address it points to is:
>> 195.92.195.94:DNS, I have tried "Whois" on that but don't really
>> understand it and came up with nothing.
>> Googling it only came up with this:
>> http://www.google.co.uk/search?q=wintis32.exe&hl=en
>> which appear to be forum posts in Spanish and I can't understand them.
>> Have also searched MS site, nothing there.
>> I am very suspicious of this, would like to know what it is and how to
>> stop it coming back after deletion.
>> Using XP Pro with SP2.
>> Any help appreciated.
>>
>> --
>>
>> Kenny Cargill
>>
>>
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.basics (More info?)

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"Kenny" <me@privacy.net> wrote in message
news:uWOMfXASFHA.1396@TK2MSFTNGP10.phx.gbl...
> Thanks for the reply, have followed your advice and it appears to be gone.
>
> --
>
> Kenny Cargill
>
>
> "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
> news:uSyW%23%23%23RFHA.3732@tk2msftngp13.phx.gbl...
>> Hi Kenny,
>>
>> If it looks like a duck, and acts like a duck......
>>
>> Yes, it's a nasty. Clear the temp folder completely, and also the
>> Temporary Internet Files. Then restart the system in Safe mode, follow
>> the steps outlined here: http://rickrogers.org/fixes.htm#trojan
>>
>> --
>> Best of Luck,
>>
>> Rick Rogers, aka "Nutcase" - Microsoft MVP
>> http://mvp.support.microsoft.com/
>> Associate Expert - WindowsXP Expert Zone
>> www.microsoft.com/windowsxp/expertzone
>> Windows help - www.rickrogers.org
>>
>> "Kenny" <me@privacy.net> wrote in message
>> news:el%23yzt%23RFHA.688@TK2MSFTNGP10.phx.gbl...
>>> Zone Alarm continually tells me "wintis32.exe" is trying to access the
>>> internet, I always deny it access.
>>> Searching PC for this file, it is hidden and located in:
>>> C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
>>> I have deleted it from there but it comes back after a restart!
>>> Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
>>> The IP address it points to is:
>>> 195.92.195.94:DNS, I have tried "Whois" on that but don't really
>>> understand it and came up with nothing.
>>> Googling it only came up with this:
>>> http://www.google.co.uk/search?q=wintis32.exe&hl=en
>>> which appear to be forum posts in Spanish and I can't understand them.
>>> Have also searched MS site, nothing there.
>>> I am very suspicious of this, would like to know what it is and how to
>>> stop it coming back after deletion.
>>> Using XP Pro with SP2.
>>> Any help appreciated.
>>>
>>> --
>>>
>>> Kenny Cargill
>>>
>>>
>>>
>>
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.basics (More info?)

No problem Kenny, glad to hear it helped.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"Kenny" <me@privacy.net> wrote in message
news:uWOMfXASFHA.1396@TK2MSFTNGP10.phx.gbl...
> Thanks for the reply, have followed your advice and it appears to be gone.
>
> --
>
> Kenny Cargill
>
>
> "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
> news:uSyW%23%23%23RFHA.3732@tk2msftngp13.phx.gbl...
>> Hi Kenny,
>>
>> If it looks like a duck, and acts like a duck......
>>
>> Yes, it's a nasty. Clear the temp folder completely, and also the
>> Temporary Internet Files. Then restart the system in Safe mode, follow
>> the steps outlined here: http://rickrogers.org/fixes.htm#trojan
>>
>> --
>> Best of Luck,
>>
>> Rick Rogers, aka "Nutcase" - Microsoft MVP
>> http://mvp.support.microsoft.com/
>> Associate Expert - WindowsXP Expert Zone
>> www.microsoft.com/windowsxp/expertzone
>> Windows help - www.rickrogers.org
>>
>> "Kenny" <me@privacy.net> wrote in message
>> news:el%23yzt%23RFHA.688@TK2MSFTNGP10.phx.gbl...
>>> Zone Alarm continually tells me "wintis32.exe" is trying to access the
>>> internet, I always deny it access.
>>> Searching PC for this file, it is hidden and located in:
>>> C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
>>> I have deleted it from there but it comes back after a restart!
>>> Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
>>> The IP address it points to is:
>>> 195.92.195.94:DNS, I have tried "Whois" on that but don't really
>>> understand it and came up with nothing.
>>> Googling it only came up with this:
>>> http://www.google.co.uk/search?q=wintis32.exe&hl=en
>>> which appear to be forum posts in Spanish and I can't understand them.
>>> Have also searched MS site, nothing there.
>>> I am very suspicious of this, would like to know what it is and how to
>>> stop it coming back after deletion.
>>> Using XP Pro with SP2.
>>> Any help appreciated.
>>>
>>> --
>>>
>>> Kenny Cargill
>>>
>>>
>>>
>>
>>
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom