winini2.exe wild connection

Hi everyone,

I’ve discovered today that an application called winini2.exe is launching connection attempt on irc.futureforce.org on port 6667 (IRC). I never installed it so am suspecting some sort of trojan or spyware (undetected by adaware though)

Have someone heard of this? I checked on google and find one or two hits in russian… not very helpful. Is it a new virus?

When looking for it, I found it in the registry as a \runservices application called “Microsoft Update Machine”. The application is located in c:\windows\system32\winini2.exe and is a hidden file.

Any help or hint would be great.

Enjoy,

jc

Have you tryed scanning it with avast!?

If you have and still suspect it, try an online scanner such as Trend micro.

Please post a HijackThis log here. I suspect that will show some more harmfull things.

well you have the W32/Rbot-FR worm
http://www.sophos.com/virusinfo/analyses/w32rbotfr.html