Comodo firewall warns on wininit.exe

Last night Comodo firewall popped up a warning about “wininit.exe”. Not knowing exactly what it does, I clicked on do not allow (?) and immediately got the blue screen.

Some brief researching, seems “wininit.exe” is a crucial part of Windows. (Windows 7 here.) So why did Comodo warn on this? The blue screen and warnings that Windows was not shut down properly are somewhat disconcerting to say the least. All seems OK now but who knows…

You could check at

if your wininit.exe has been compromised / replaced by malware.

If not, please request your version of this file to be whitelisted.

Kind regards, REBOL. :slight_smile:

Thanks for the reply and link. No further issues so far.

You can also check your TCP connections with this prog:

wininit.exe should usually show up as “listening” to local port 49152.
You can safely allow this connection.
Only if it’s showing a remote address here, you should be somewhat concerned. I guess that’s not the case, though?

Kind regards, REBOL. :slight_smile:
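
Added example, not part of the thread: a small Python parser that applies the check described in the post above to saved `netstat -ano` output, separating the expected local listener from any entry with a remote peer. The sample output and the PID 432 are constructed; the real PID of wininit.exe has to be looked up (for example in Task Manager) and passed in.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       432
  TCP    192.168.0.10:49152     203.0.113.7:51234      ESTABLISHED     432
  TCP    [::]:49152             [::]:0                 LISTENING       432
  UDP    0.0.0.0:500            *:*                                    716
"""

EXPECTED_PORT = 49152  # local port the post above gives for wininit.exe


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def is_remote(host):
    """True when the foreign address is a real peer (not unspecified or loopback)."""
    ip = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    return not (ip.is_unspecified or ip.is_loopback)


def review_wininit(netstat_text, wininit_pid):
    """Return (verdict, local, foreign, state) for each TCP row owned by the PID."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skips headers and UDP rows, which have no State column
        _, local, foreign, state, pid = fields
        if not pid.isdigit() or int(pid) != wininit_pid:
            continue
        local_port = split_endpoint(local)[1]
        if is_remote(split_endpoint(foreign)[0]):
            verdict = "remote-peer"  # the case the post says to look into
        elif state == "LISTENING" and local_port == str(EXPECTED_PORT):
            verdict = "expected-listener"
        else:
            verdict = "unexpected-local"
        findings.append((verdict, local, foreign, state))
    return findings


if __name__ == "__main__":
    for finding in review_wininit(SAMPLE, 432):
        print(*finding)
```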

What is it listening for? Mine does not listen on port 49152 but some remote IPs wanna talk with my wininit.exe every day which is actually clean over this port. :slight_smile: So what is so interesting on my wininit.exe for remote IPs? ???

Hi Sterndi,

Which remote IPs? Could you list them here?
(Could be MS, btw.)

Kind regards, REBOL.

Hi Sir,

MS-Updates are disabled. I have a router but use it like a modem (DMZ-Host - Ports open). First I also thought MS but it doesn’t seem so. :wink: I just blocked the port manually for inbound traffic with COMODO. Most of the traffic/programs I control and configure manually and I consider myself as skilled already. :wink:

I’ve been using the router (TC7200) just for a few weeks. I had a normal cable-modem before without any configuration function - all ports were open but cannot remember remote access to wininit.exe. :P0l My PC itself works fine - no strange behaviour in any way. :-TU

Best regards

[attachment deleted by admin]

Never saw anything like this related to wininit.exe, to be honest. :-\

178.217.187.38
HOSTEAM S.C., Poland

118.192.48.27
Beijing SanxinShidai Co.,Ltd, China

93.174.95.55
Ecatel LTD, Netherlands

89.207.135.125
IP Range Snel Internet Services B.V. assigned to server #38, Netherlands

220.181.158.174
CHINANET Beijing province network, China

61.160.224.128
CHINANET jiangsu province network, China

125.96.160.190
FibrLINK Communications Co., Ltd., China

Kind regards, REBOL.