New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Cyberpersons Proxmox Windows 2008 Template
Is anyone using @cyberpersons Proxmox Windows 2008 template? There is a process called winin1t.exe that is eating the cpu hard and I can't figure out a way to uninstall it. It doesn't show up in remove programs and it automatically creates a new executable when I manually delete it.
Comments
Quick google:
http://windows.ifmdb.com/YqNncKQx-wininit-exe-using-50-cpu.html
https://answers.microsoft.com/en-us/windows/forum/windows_7-performance/wininitexe-permanently-using-50-cpu/0978c621-4a10-49f8-a639-3b18fcb646e4?auth=1
Are you being serious, or just trolling?
Why would "Windows Start-Up Application" show up in there?
I'm not sure if wininit.exe is the same as winin1t.exe? It looks like it is Beyond Compare - https://www.scootersoftware.com/index.php
I thought it may have shown up there because it may be Beyond Compare - https://www.scootersoftware.com/index.php
if it has a 1 in the filename I am pretty certain that you are infected.
Another process checks if that exe file is running and starts it again if it's not.
reinstall, if it is still there then I would scrap that image as containing viruses.
I thought it may have shown up there because it may be Beyond Compare - https://www.scootersoftware.com/index.php
Ah, apologies then.
If you upload the binary I'd be more than happy to take a look at it for you.
I reinstalled and it came back when running Windows Update.
Ah sorry - I thought you hit a 1 by mistake :P
I remember this .exe from https://www.lowendtalk.com/discussion/122525/veesp-com-warning
Users being hacked or .exe included in the template?
The ISO I used to create this template came directly from Microsoft, can you please confirm if it comes on fresh install or after update?
Also is it possible I could get access to the VM and look into this.
Regards
If it comes after an update it could be that the original file should be replaced afger a reboot.
Does the VM only have one cpu?
wininit.exe is requires in order to function Windows. Wininit.exe is launcher for the majority of the background applications that are always running.
You cannot kill this process. Use Sysinternals Process Explorer and find out if you have two processes (wininit.ex and winin1t.exe) are running or not. Commands stored in the file WinInit.ini
If both processes are running then winin1t.exe is not Windows process. winint.exe file's location should be C:\Windows\system32\wininit.exe
You can use Microsoft's Safety Scanner tool.
https://www.microsoft.com/en-us/wdsi/products/scanner
It comes when Windows Updates is downloading. The VM has 2 cpus
It is winin1t.exe. The 1 is not a typo.
Reason I asked is because I've seen it a few times that when Win Update is running and the server only has 1cpu it will run at 100%.
What folder is the winin1t.exe file in? You can find it using task manager.
Run ADWCleaner, It might be able to detect and clean malicious executable.
You can run SFC /scannow to check if any windows libs are modified.
@cyberpersons I created a VM from scratch and I'm not seeing winin1t.exe. It's some how gotten into the template I downloaded from your site.