I have three computers (networked) running Win 98se with Trend PCcillin 2000 installed (with updated virus pattern). One of the computers that the boys use has detected the virus BKDR_SINIT.A in C:\Windows\System\svcinit.exe and is unable to delete or quarantine it. The Trend website gives instructions on dealing with the problem, but they are for Windows NT, 2000, and XP. I have tried to modify the procedure for 98se by starting in safe mode, using regedit to remove the svcinit.exe in the Run Services folder, and trying to find it in the Winlogon file, but I can find no entry to delete. I ran the virus checker again but it is still there. Can anyone help please?
Thanks in anticipation
According to click here it runs on Win NT/2K/XP (so presumably it won't do anything on a 98 machine?)
Thanks for the reply. I appreciate what it says. This is the website I got the instructions from to remove it, but I am not sure if they have just stopped supporting Win98se. Will it do any damage? It would be nice to remove it, so it doesn't keep generating a warning each time the virus scan operates.
Doing a search on Google I found this entry from another forum; sorry it's so big, but it does explain how to get rid of it.
As Vog says, there is no mention of Windows 98.
Installation and Autostart Technique
Upon execution, this memory-resident backdoor program copies itself using the file name SVCINIT.EXE in the default system folder. It then attempts to add the following registry entry so that this copy runs at every Windows startup:
(Note: %System% is the Windows system folder, which is usually C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP.)
This copy proceeds to delete the original malware file.
To achieve memory residency, this malware also creates the following registry entries:
This effectively executes the backdoor when a user logs into an infected system. The following registry entry is also added:
Once it is already running in the system, it opens Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports and awaits commands from a remote user.
This memory-resident backdoor malware opens random Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports and awaits commands from a remote user.
It runs on Windows NT, 2000 and XP.
Identifying the Malware Program
To remove this malware, first identify the malware program.
1. Scan your system with your Trend Micro antivirus product.
2. NOTE all files detected as BKDR_SINIT.A.
Trend Micro customers need to download the latest pattern file before scanning their system. Other Internet users may use Housecall, Trend Micro's free online virus scanner.
Terminating the Malware Program
This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.
1. Open Windows Task Manager. Press CTRL+SHIFT+ESC, then click the Processes tab.
2. In the list of running programs, locate the malware file or files detected earlier.
3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. Do the same for all detected malware files in the list of running processes.
5. To check if the malware process has been terminated, close Task Manager, and then open it again.
6. Close Task Manager.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
To remove the malware autostart entries:
1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2. In the left panel, double-click the following:
3. In the right panel, locate and delete the entry:
Note: %System% is the Windows system folder, which is usually C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP.
4. In the left panel, double-click the following:
5. In the right panel, locate and delete the entry:
6. In the left panel, locate and delete the following:
7. Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Additional Windows XP Cleaning Instructions
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as BKDR_SINIT.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.
This is the site I got the instructions from. I tried, as I said, to follow the delete instructions. I did items 1, 2, 3, but for item 4, in the Winlogon file, I couldn't find the svcinit.exe file. I managed to delete item 6. But as I said, it still detects the virus.
Removal instructions for W98 click here
I will give this a try, and will report back. hopefully shouldn't take too long.
Thanks again, talk soon.
This seems to have got rid of the problem, thanks. The only thing is, now on boot up I get the "Could not load or run svcinit.exe specified in the win.ini file make sure the file exists on your computer or remove the reference to it in the win.ini file". Will I continue to get this warning, as I know I have deleted it as per instructions? The instructions don't mention removing the reference in the win.ini file. If that is what I should do, can you suggest the best way?
Start, run and enter
in the Open box.
Find and delete the line that refers to svcinit.exe
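As an added example (not part of the original thread): the `[windows]` section of win.ini can list several programs on a single `load=` or `run=` line, so deleting the whole line can also drop legitimate startup entries. This Python function, meant to be run against an offline copy of the file, removes only the svcinit.exe entry and reports what it took out; the sample win.ini contents and `clock.exe` are constructed, and it assumes space-free 8.3 paths.

```python
import ntpath
import re

AUTOSTART_KEYS = {"load", "run"}  # win.ini [windows] keys run at startup

# Constructed sample: one malicious entry sharing a line with a benign one.
SAMPLE_WIN_INI = (
    "[windows]\r\n"
    "load=\r\n"
    "run=C:\\WINDOWS\\SYSTEM\\svcinit.exe C:\\TOOLS\\clock.exe\r\n"
    "NullPort=None\r\n"
    "\r\n"
    "[Desktop]\r\n"
    "Wallpaper=(None)\r\n"
)


def strip_autostart(ini_text, target="svcinit.exe"):
    """Return (cleaned_text, removed_entries) for a win.ini body."""
    out, removed, section = [], [], None
    for line in ini_text.splitlines(keepends=True):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
        elif (section == "windows" and "=" in stripped
              and not stripped.startswith(";")):
            key, _, value = stripped.partition("=")
            if key.strip().lower() in AUTOSTART_KEYS:
                # Entries are separated by spaces or commas (assumes 8.3 paths).
                entries = [e for e in re.split(r"[,\s]+", value) if e]
                keep = [e for e in entries
                        if ntpath.basename(e).lower() != target.lower()]
                if keep != entries:
                    removed += [e for e in entries if e not in keep]
                    eol = line[len(line.rstrip("\r\n")):]  # keep CRLF/LF
                    line = f"{key.strip()}={' '.join(keep)}{eol}"
        out.append(line)
    return "".join(out), removed


if __name__ == "__main__":
    cleaned, gone = strip_autostart(SAMPLE_WIN_INI)
    print("removed:", gone)
    print(cleaned)
```

Back up the original win.ini before writing the cleaned text over it.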
I'll do that; hopefully it is not a required program. Cheers