In Windows7 Tuesday, June 24, 2014
WININIT: How2fix Procedure for Windows7 (see also: Bymer)
Warning: This malware appears to be a binary weapon (A+B) against your PC CPU. Manual OS file and OS install/repair manipulation and know-how experience and skills are helpful. No registry manipulation is required. A registry cleaner program may help, at the very end after all fixes are performed, and after a final restart. Need your Windows7 install CD.
A) Wininit.exe is needed by Windows7. At the same time the same Wininit.exe – when corrupted – can host/is the BYMER malware. Search the WEB sites referenced at the end of this write-up for more descriptions and explanations. After its deletion, a clean Wininit.exe is auto reinstalled by/via PC repair, with your original Windows7 Install CD. All your personal data, files, programs are maintained (this being a PC Repair Menu choice, not a Windows7 Reinstall).
B) Wininit.ini is unnecessary and is related to the malware only. Does not need to be reinstalled after deletion.
Monitor Wininit.exe CPU time usage by invoking the “Windows Task Manager” with the Ctrl+Alt+Delete key sequence.
Go to “Processes” tab, look for the “Image Name” “wininit.exe” and monitor its CPU usage number. If it stays higher than 0 (zero), or does not decay to 0 (zero), most likely the malware is activated.
Again, this malware slows down the PC by wasting CPU time and starts randomly at PC start-up. From my experience the malware got active 1-in-5 times the PC restarted. The malware never reactivated at the consecutive PC startup. I got tired of it and decided to exterminate it.
Wininit/BYMER malware becomes active at random PC startups, occupies CPU time doing nothing, essentially slowing down the PC. It does not seem to propagate to other PCs.
The write-up below describes a highly skilled manual procedure, i.e. trial and error: what I did to remove both:
And how I then repaired/reinstalled only Wininit.exe indirectly, via the PC Software Repair Menu and the original Windows7 CD.
Steps (as I remember them from this morning):
Make sure your PC can boot from the CD/DVD drive (the drive is listed in the boot sequence). Have the Windows7 CD.
I started the file rename-&-delete manipulation when the Wininit.exe was occupying CPU time.
1. Identify the location path of the Wininit.ini file on the C:\ drive via Search for “wininit”.
2. Rename the Wininit.ini file as ___ Wininit.ini (if this file is locked, use the Unlocker program; it will delete this file at the next PC startup). Do not restart the PC yet.
3. Identify the location path of the Wininit.exe file on the C:\ drive via Search for “wininit”.
4. Rename the several Wininit.exe files as ___ Wininit.exe (if these files are locked, use the Unlocker program; it will delete these files at the next PC startup). Do not restart the PC yet.
5. Have the original installation (and repair) Windows7 CD.
6. Restart your PC. It may go into a restart loop (observe PC behavior and the Windows on-screen dialog).
7. Insert the original Windows7 CD and select the CD drive to boot from.
8. The Windows dialog will prompt you and you must select the REPAIR options (critical; otherwise you will lose your personal info).
9. Windows7 will restart normally after many minutes (~10min?) of repair time.
10. Remove the Windows7 CD from the CD/DVD drive.
1 Bymer Trojan Information and Removal - wininit.exe file virus
2 File: wininit.ini
Location of wininit.ini and Associated Malware
3 Repairing Wininit.exemsinit.exe Errors on Your Windows System
4 The file & folder “Unlocker” program, a free download from
5 CCleaner is THE system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware!
7 Bymer: as described by Trend Micro: Threat Encyclopedia
5 results in Threat Encyclopedia: “bymer”: Showing Results: 1 - 5
Alias: Worm.Win32.Bymer.b (Kaspersky), W32/MsInit.worm (McAfee), W32.HLLW.Bymer (Symantec), Worm/Bymer.B (Avira), W32/Bymer-B (Sophos), Worm...
Alias: Worm.Win32.Bymer.a (Kaspersky), W32/MsInit.worm.b (McAfee), W32.HLLW.Bymer (Symantec), TR/Worm.RC5.WinInit (Avira), W32/Bymer-A (Sophos), Description: This...
Alias: Worm.Win32.Bymer.b (Kaspersky), W32/MsInit.worm (McAfee), W32.HLLW.Bymer (Symantec), Worm/Bymer.B.3 (Avira), Worm-RC5 (Sophos), Worm...
Alias: Worm.Win32.Bymer.b (Kaspersky), W32/MsInit.worm.a (McAfee), W32.HLLW.Bymer (Symantec), W32/Msinit.A (Avira), W32/Bymer-B (Sophos), Description: This...
Alias: Backdoor.Win32.MSBot.c (Kaspersky), BackDoor-DT (McAfee), W32.HLLW.Bymer (Symantec), BDS/MSBot.c.2 (Avira), Troj/Msbot-C (Sophos), Backdoor:Win32/DT (Microsoft) Description...
Hope this provides you with the scope and necessary know-how to fix this problem.
Norton360 software was unable to detect the Wininit.exe malware in the act (CPU time-waste present), even when (my PC is a dual core Opteron Processor 280 at 2.4GHz) Wininit.exe was wasting 50% of CPU time = one core was put out of commission by Wininit.exe.
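
An added example (not part of the original write-up): a read-only PowerShell triage of the two checks described above, listing every wininit.exe / wininit.ini file on the system drive with its location and signature status, and sampling wininit.exe CPU use on the Task Manager scale. The function names are hypothetical; it assumes an English-language Windows (performance counter names are localized) and an elevated prompt so that all directories can be read.

```powershell
# Added example, read-only: nothing is renamed or deleted.
$sysRoot  = $env:SystemRoot
$expected = Join-Path $sysRoot 'System32\wininit.exe'   # stock location
$winsxs   = Join-Path $sysRoot 'winsxs'                 # component store copies

function Get-WininitFile {
    # Every wininit.exe / wininit.ini on the system drive, classified by location.
    Get-ChildItem -Path "$env:SystemDrive\" -Filter 'wininit.*' -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and ('.exe', '.ini' -contains $_.Extension.ToLower()) } |
        ForEach-Object {
            $path = $_.FullName
            if ($path -ieq $expected) { $where = 'System32 (expected)' }
            elseif ($path.StartsWith($winsxs, [StringComparison]::OrdinalIgnoreCase)) { $where = 'WinSxS component store' }
            else { $where = 'OTHER - review' }

            # Signature status is a hint only: catalog-signed system files can
            # show as NotSigned on older PowerShell versions.
            $status = 'n/a'
            if ($_.Extension -ieq '.exe') {
                $status = (Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue).Status
            }
            $_ | Select-Object @{n='Location';e={$where}}, @{n='Signature';e={$status}},
                               Length, LastWriteTime, FullName
        }
}

function Get-WininitCpu {
    # Samples the wininit process counter; the raw value is per core, so divide
    # by the core count to match the percentage Task Manager shows.
    param([int]$Samples = 5, [int]$IntervalSec = 2)
    $cores = [Environment]::ProcessorCount
    Get-Counter -Counter '\Process(wininit)\% Processor Time' -SampleInterval $IntervalSec -MaxSamples $Samples |
        ForEach-Object { [math]::Round($_.CounterSamples[0].CookedValue / $cores, 1) }
}

Get-WininitFile | Format-Table -AutoSize -Wrap

$cpu  = @(Get-WininitCpu)
$busy = @($cpu | Where-Object { $_ -gt 0 })
"wininit.exe CPU % per sample: $($cpu -join ', ')"
if ($busy.Count -eq $cpu.Count) {
    'CPU use never decayed to 0 during sampling (the symptom described in this write-up).'
}
```

Copies reported under System32 or the WinSxS component store are where Windows itself keeps this file; an entry marked OTHER is the one to examine before any rename or delete.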