Possible Virus?


Convict
28th Nov 2004, 10:18 PM
Keriofirewall asked for permission for ccases.exe to run (c:\winnt\system32\ccases) and the file had the .rar icon with an upwards pointing arrow.

Anyway it created a couple (maybe more) of .exe files both of which asked permission to run(?). dqddss.exe kept asking permission to run or whatever from keriofirewall. I can't delete dqdds.exe and I can't turn off its running in the Windows task manager.

Is this a virus??? How can I delete it??? :wildcat: Thanks!

Brody
29th Nov 2004, 01:58 AM
well,

first check if it's a virus => google search.
when ur sure it is, u should use an antivirus program.

how i delete those undeletables:

1. reboot win to protected modus
2. go "start/run" type "msconfig" and check the "service" and "autostart" tab. if u find the calls for this exe, disable it.
3. delete the file and/or folder
4. check the file "wininit.ini" for any entry that might call that exe. (easier: if u have that file, just delete it.)
5. go "start/run" type "regedit" and search for that exe file to delete it.

NOTE: be as sure as possible that those exe might be a virus before u delete. if not, just do step 2 and see what happens, if all progs run or not. maybe it's an exe for any prog u use.

Convict
29th Nov 2004, 02:07 AM
Thx Brody. I tried googling for the files but I couldn't find them. Another one is cacasp.exe which is trying to get permission from my firewall. It also was created today! Aargggh.

Brody
29th Nov 2004, 02:44 AM
that really sounds like a typical virus. a backdoor thingy. go and delete those things.

Convict
29th Nov 2004, 02:53 AM
How did it get in? Did I d/l something or is there a vulnerable entry point?

Ok I disabled ddqdsznfqs which runs dqddss.exe. This entry appeared twice in msconfig. I also disabled DSAcass which runs cacasp.exe. I deleted those 2 .exe files (there is only 1 copy of each on my computer - I used search). I also deleted ccases which I think created them.

Do I still need to use regedit and wininit.ini?

Thanks BrodyMan!

Brody
29th Nov 2004, 03:00 AM
unsure, i assume u get it by dl something, yes.

well, the wininit.ini i suggest u to do. u can't crash anything by deleting it. wininit.ini is usually an empty file and it is used only for programs that got installed and need to overwrite existing files that were in use while installing. for those things, the installing program writes in wininit.ini to install the rest by new boot. that is what u see in booting "system refresh".

just delete the wininit.ini. then do a new boot and check what happens.
i assume the regedit way will still need to do. but check it. do u have an antivir program?

Convict
29th Nov 2004, 03:11 AM
Yeah I got NAV, AVG, Ad-aware, SD&D, TCMonitor (which went off but I don't know how to use it properly). Therefore I assume it's the American Government and their Patriot Act :cool:

Are you saying I should completely delete wininit.ini and then reboot into normal windows? I just want to clarify before I do something that could crash the computer. :D

Yenzarill
29th Nov 2004, 03:29 AM
1) Uncheck everything - except for processes you know that you need - in MSCONFIG while in safe mode.

2) Reboot into normal mode.

3) Run a virus scan, or just delete the files. Personally, I'd do a scan.

4) Problem solved.

Convict
29th Nov 2004, 03:31 AM
I tried scanning those files individually and it didn't find any problem. But I have deleted them now but I just want to check with Brody before I delete wininit.ini.


I used regedit and found dqddss.exe and another one. I deleted them. :thumb:

Brody
29th Nov 2004, 04:26 AM
yes, but u know, if that helped or not, u'll see after reboot only. :)

Convict
29th Nov 2004, 05:55 AM
Oh I see wininit.ini is not a windows file - it's a keylogger. Yeah I found and deleted the file and its regedit entry.


I'm looking through the registry and according to this site (http://www.2-files.com/filename/wininit-ini) there is a list of .dll's associated with wininit.ini. I found them in my registry but I can't delete them from the registry. I can't find the files themselves.
I have found in the registry:
rmtcore.dll
msrac32.dll
mserrtc.dll
wininit.ini

I'll reboot in safe mode and see if I can delete them then.

Brody
29th Nov 2004, 06:05 AM
hm, no. don't delete those dlls.

the wininit.ini is a file used for programs, that need to overwrite windows files, that are currently in use by windows, while the installing runs. then the prog cannot finish the installation and writes those install commands, that are still need to do, in the wininit.ini, so the installing would finish automatically with the windows boot.

when u delete those dlls now that u found, u would disable the full function of wininit.ini. which is very bad. the wininit.ini can be misused for those trojan viruses, yes, but the wininit.ini would be needed for some programs sometimes, too.

the function u should keep. just deleted the wininit.ini and no bad prog, that might current stand in, is longer able to install new with each reboot.
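
Added example, not part of any post in this thread: rather than deleting wininit.ini unseen, a short script can list what the file would do at the next boot. It assumes the Windows 9x-style format, a `[rename]` section of `destination=source` lines where a destination of `NUL` means the source is deleted; the sample content and paths are constructed.

```python
import ntpath

# Constructed sample content; none of these paths come from the thread.
SAMPLE = r"""
; constructed sample
[rename]
NUL=C:\WINDOWS\TEMP\setup1.tmp
NUL=C:\WINDOWS\TEMP\setup2.tmp
C:\WINDOWS\SYSTEM\example.dll=C:\WINDOWS\TEMP\example.new
C:\WINDOWS\readme.txt=C:\WINDOWS\TEMP\readme.new
[other]
key=value
"""

EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".sys", ".vxd"}


def parse_pending_operations(text):
    """Return the [rename] entries as a list of dicts, in file order."""
    # Parsed by hand: NUL= may repeat, and configparser rejects or merges duplicate keys.
    ops, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if not in_rename or "=" not in line:
            continue
        dest, src = (part.strip() for part in line.split("=", 1))
        if dest.upper() == "NUL":
            # NUL as destination: the source file is deleted at boot.
            ops.append({"action": "delete", "target": src, "source": None, "review": False})
        else:
            ext = ntpath.splitext(dest)[1].lower()
            ops.append({"action": "replace", "target": dest, "source": src,
                        "review": ext in EXECUTABLE_EXTS})
    return ops


def entries_to_review(text):
    """Targets where an executable file would be put in place at boot."""
    return [op["target"] for op in parse_pending_operations(text) if op["review"]]


if __name__ == "__main__":
    for op in parse_pending_operations(SAMPLE):
        print(op)
```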

Convict
29th Nov 2004, 06:21 AM
Yeah well I did my best to delete them but these .dll's kept coming back:
msu00mwin.dll
swebhlp.dll
mserrtrc.dll

So how do I know if there's something wrong with the wininit.ini file? How do I know if wininit.ini is functioning correctly now?
PS Thx for the help Brody.

EDIT: I don't have wininit.ini on my computer anymore. Is that a problem? :sweat:

Brody
29th Nov 2004, 06:26 AM
usually the wininit.ini file is empty.
the using is temporary by programs, u do install and might not finish the install due using dlls by windows.

when u have nothing installed, u can do nothing wrong when u delete this file. any program that might need it, will create it.

Convict
29th Nov 2004, 06:59 AM
So I'm OK then? :cool:

Brody
29th Nov 2004, 07:06 AM
yes sir, when the bad exes don't come back.....

Convict
29th Nov 2004, 07:56 AM
Thx Brody!!! :) :) :)