"wintis32.exe", what is it?

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Zone Alarm continually tells me "wintis32.exe" is trying to access the
internet, I always deny it access.
Searching PC for this file, it is hidden and located in:
C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
I have deleted it from there but it comes back after a restart!
Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
The IP address it points to is:
195.92.195.94:DNS, I have tried "Whois" on that but don't really understand
it and came up with nothing.
Googling it only came up with this:
http://www.google.co.uk/search?q=wintis32.exe&hl=en
which appear to be forum posts in Spanish and I can't understand them.
Have also searched MS site, nothing there.
I am very suspicious of this, would like to know what it is and how to stop
it coming back after deletion.
Using XP Pro with SP2.
Any help appreciated.

--

Kenny Cargill
4 answers Last reply
More about wintis32
  1. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    Hi Kenny,

    If it looks like a duck, and acts like a duck......

    Yes, it's a nasty. Clear the temp folder completely, and also the Temporary
    Internet Files. Then restart the system in Safe mode, follow the steps
    outlined here: http://rickrogers.org/fixes.htm#trojan

    --
    Best of Luck,

    Rick Rogers, aka "Nutcase" - Microsoft MVP
    http://mvp.support.microsoft.com/
    Associate Expert - WindowsXP Expert Zone
    www.microsoft.com/windowsxp/expertzone
    Windows help - www.rickrogers.org

    "Kenny" <me@privacy.net> wrote in message
    news:el%23yzt%23RFHA.688@TK2MSFTNGP10.phx.gbl...
    > Zone Alarm continually tells me "wintis32.exe" is trying to access the
    > internet, I always deny it access.
    > Searching PC for this file, it is hidden and located in:
    > C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
    > I have deleted it from there but it comes back after a restart!
    > Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
    > The IP address it points to is:
    > 195.92.195.94:DNS, I have tried "Whois" on that but don't really
    > understand it and came up with nothing.
    > Googling it only came up with this:
    > http://www.google.co.uk/search?q=wintis32.exe&hl=en
    > which appear to be forum posts in Spanish and I can't understand them.
    > Have also searched MS site, nothing there.
    > I am very suspicious of this, would like to know what it is and how to
    > stop it coming back after deletion.
    > Using XP Pro with SP2.
    > Any help appreciated.
    >
    > --
    >
    > Kenny Cargill
    >
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    Thanks for the reply, have followed your advice and it appears to be gone.

    --

    Kenny Cargill


    "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
    news:uSyW%23%23%23RFHA.3732@tk2msftngp13.phx.gbl...
    > Hi Kenny,
    >
    > If it looks like a duck, and acts like a duck......
    >
    > Yes, it's a nasty. Clear the temp folder completely, and also the
    > Temporary Internet Files. Then restart the system in Safe mode, follow the
    > steps outlined here: http://rickrogers.org/fixes.htm#trojan
    >
    > --
    > Best of Luck,
    >
    > Rick Rogers, aka "Nutcase" - Microsoft MVP
    > http://mvp.support.microsoft.com/
    > Associate Expert - WindowsXP Expert Zone
    > www.microsoft.com/windowsxp/expertzone
    > Windows help - www.rickrogers.org
    >
    > "Kenny" <me@privacy.net> wrote in message
    > news:el%23yzt%23RFHA.688@TK2MSFTNGP10.phx.gbl...
    >> Zone Alarm continually tells me "wintis32.exe" is trying to access the
    >> internet, I always deny it access.
    >> Searching PC for this file, it is hidden and located in:
    >> C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
    >> I have deleted it from there but it comes back after a restart!
    >> Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
    >> The IP address it points to is:
    >> 195.92.195.94:DNS, I have tried "Whois" on that but don't really
    >> understand it and came up with nothing.
    >> Googling it only came up with this:
    >> http://www.google.co.uk/search?q=wintis32.exe&hl=en
    >> which appear to be forum posts in Spanish and I can't understand them.
    >> Have also searched MS site, nothing there.
    >> I am very suspicious of this, would like to know what it is and how to
    >> stop it coming back after deletion.
    >> Using XP Pro with SP2.
    >> Any help appreciated.
    >>
    >> --
    >>
    >> Kenny Cargill
    >>
    >>
    >>
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    --
    Best of Luck,

    Rick Rogers, aka "Nutcase" - Microsoft MVP
    http://mvp.support.microsoft.com/
    Associate Expert - WindowsXP Expert Zone
    www.microsoft.com/windowsxp/expertzone
    Windows help - www.rickrogers.org

    "Kenny" <me@privacy.net> wrote in message
    news:uWOMfXASFHA.1396@TK2MSFTNGP10.phx.gbl...
    > Thanks for the reply, have followed your advice and it appears to be gone.
    >
    > --
    >
    > Kenny Cargill
    >
    >
    > "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
    > news:uSyW%23%23%23RFHA.3732@tk2msftngp13.phx.gbl...
    >> Hi Kenny,
    >>
    >> If it looks like a duck, and acts like a duck......
    >>
    >> Yes, it's a nasty. Clear the temp folder completely, and also the
    >> Temporary Internet Files. Then restart the system in Safe mode, follow
    >> the steps outlined here: http://rickrogers.org/fixes.htm#trojan
    >>
    >> --
    >> Best of Luck,
    >>
    >> Rick Rogers, aka "Nutcase" - Microsoft MVP
    >> http://mvp.support.microsoft.com/
    >> Associate Expert - WindowsXP Expert Zone
    >> www.microsoft.com/windowsxp/expertzone
    >> Windows help - www.rickrogers.org
    >>
    >> "Kenny" <me@privacy.net> wrote in message
    >> news:el%23yzt%23RFHA.688@TK2MSFTNGP10.phx.gbl...
    >>> Zone Alarm continually tells me "wintis32.exe" is trying to access the
    >>> internet, I always deny it access.
    >>> Searching PC for this file, it is hidden and located in:
    >>> C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
    >>> I have deleted it from there but it comes back after a restart!
    >>> Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
    >>> The IP address it points to is:
    >>> 195.92.195.94:DNS, I have tried "Whois" on that but don't really
    >>> understand it and came up with nothing.
    >>> Googling it only came up with this:
    >>> http://www.google.co.uk/search?q=wintis32.exe&hl=en
    >>> which appear to be forum posts in Spanish and I can't understand them.
    >>> Have also searched MS site, nothing there.
    >>> I am very suspicious of this, would like to know what it is and how to
    >>> stop it coming back after deletion.
    >>> Using XP Pro with SP2.
    >>> Any help appreciated.
    >>>
    >>> --
    >>>
    >>> Kenny Cargill
    >>>
    >>>
    >>>
    >>
    >>
    >
    >
  4. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    No problem Kenny, glad to hear it helped.

    --
    Best of Luck,

    Rick Rogers, aka "Nutcase" - Microsoft MVP
    http://mvp.support.microsoft.com/
    Associate Expert - WindowsXP Expert Zone
    www.microsoft.com/windowsxp/expertzone
    Windows help - www.rickrogers.org

    "Kenny" <me@privacy.net> wrote in message
    news:uWOMfXASFHA.1396@TK2MSFTNGP10.phx.gbl...
    > Thanks for the reply, have followed your advice and it appears to be gone.
    >
    > --
    >
    > Kenny Cargill
    >
    >
    > "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
    > news:uSyW%23%23%23RFHA.3732@tk2msftngp13.phx.gbl...
    >> Hi Kenny,
    >>
    >> If it looks like a duck, and acts like a duck......
    >>
    >> Yes, it's a nasty. Clear the temp folder completely, and also the
    >> Temporary Internet Files. Then restart the system in Safe mode, follow
    >> the steps outlined here: http://rickrogers.org/fixes.htm#trojan
    >>
    >> --
    >> Best of Luck,
    >>
    >> Rick Rogers, aka "Nutcase" - Microsoft MVP
    >> http://mvp.support.microsoft.com/
    >> Associate Expert - WindowsXP Expert Zone
    >> www.microsoft.com/windowsxp/expertzone
    >> Windows help - www.rickrogers.org
    >>
    >> "Kenny" <me@privacy.net> wrote in message
    >> news:el%23yzt%23RFHA.688@TK2MSFTNGP10.phx.gbl...
    >>> Zone Alarm continually tells me "wintis32.exe" is trying to access the
    >>> internet, I always deny it access.
    >>> Searching PC for this file, it is hidden and located in:
    >>> C:\Documents and Settings\Kenny Cargill\Local Settings\Temp.
    >>> I have deleted it from there but it comes back after a restart!
    >>> Have run AdAware, SpyBot, CounterSpy, AVG free and online virus scans.
    >>> The IP address it points to is:
    >>> 195.92.195.94:DNS, I have tried "Whois" on that but don't really
    >>> understand it and came up with nothing.
    >>> Googling it only came up with this:
    >>> http://www.google.co.uk/search?q=wintis32.exe&hl=en
    >>> which appear to be forum posts in Spanish and I can't understand them.
    >>> Have also searched MS site, nothing there.
    >>> I am very suspicious of this, would like to know what it is and how to
    >>> stop it coming back after deletion.
    >>> Using XP Pro with SP2.
    >>> Any help appreciated.
    >>>
    >>> --
    >>>
    >>> Kenny Cargill
    >>>
    >>>
    >>>
    >>
    >>
    >
    >
Ask a new question

Read More

Windows XP