Oops...just found the answer on this forum elsewhere (was led directly here via Google. Thanks! Slick51

0

You've found the answer?! What is it? I have the same problem not being able to remove BackOrifice.b and would appreciate your help. Thanks.

0

Ok seems we have all updated our spybot defs, adaware dosn't catch this, nor Norton as stated above, whats the fix? Or are we lookin at a glitch

0

I'm having the same issues with 2 of my computers. One at work and one at home. I just updated SpyBot today on both and ran into this issue on both. Error was wininit being used by another application. I renamed wininit to wininit.bak per google search on this problem. Did not help. Any clues?

0

Yea I'm also having this problem. I've spent all day looking up crap about BackOrifice and how to find/remove it, but as far as I can tell, only Spybot seems to see it. Out of curiosity, what exactly do other people's wininit.ini files contain? I couldn't open it w/ spybot running, but after closing that, the file says [rename] NUL=C:\PROGRA~1\INTERN~2\sim\bdl14122.exe I have seen on some virus info sites that you can use wininit to rename a trojan server with a similar syntax as above, but that file path there doesn't exist on my system, so I'm confused. Any ideas are very much appreciated, since I'm really worried about people modifying my system (BO is a very nasty trojan).

0

Hey i have the same problem, but i found something, in the task manager, when you look up for the system procceces, there`s a file called rspv.exe and it uses 792kb of memory and when you close it, it restarts and reappears again, that file wasn`t on my system procceses before maybe it is related or maybe it is just another trojan i have. well anyways i`m trying to know its origin and how to close it, if it is related to the BO and any of you know how to get rid of it, let me know please

0

Updated spybot tonight and got the same thing. Found new process in task manager called wmiprvse.exe and found some info on Neuber.com. They say it may be virus. http://www.neuber.com/taskmanager/process/wmiprvse.exe.html Found a copy of it here: C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\wmiprvse.exe German part of Spybot message "nicht geöffnet werden" roughly translates to "error opening" and is sometimes associated with macro viruses.

0

I am having the same problem that everybody seems to be having since October 26, 2004 after updating Spybot. The message that Spybot returned is as follows: "BackOrifice.B (Datei C:\WINDOWS\wininit.ini kann nicht geoffnet werden The process cannot access the file because it is being used by another process)" I have used Ad-Aware SE Personal and AVG AntiVirus to scan my computer but they were not able to detect BackOrifice. Will appreciate it very much if someone can advise us how we can get rid of the above. Thanks.

0

I just got the same thing... Changed wininit.ini to read only, reran spybot and got Interfun Tried getting rid of interfun without success restarted computer and BO was back... any other thoughts? my changing file type didn't work

0

Ok, I just did something very simple.. I deleted my wininit.ini file after going into safe mode, and restarted.... after that I re-ran s&d and got Cabrotor in my win.ini file... I deleted that, and now I'm getting redlabel in my system.ini.. WTF is going on?!?!?!?

0

I ran my computer in safe mode and renamed wininit.ini to wininit.in and was then able to finally delete it. However, after running Spybot I got the same message with the German text, but for win.ini. I cannot open that file even with Notepad in any mode. Also, I have an invasion of something called Googlem--on looking it up, I see only messages in (shoot, I don't know, Swedish?), so it seems to have originated in Europe and is making its way over here. I have all protections in place and don't even run IE anymore--I use Firefox.

0

I had the same issue and I found this info http://forums.net-integration.net/index.php?showtopic=23997

0

Download new detection updates 2004-10-26 Update SpyBot again.

0

Downloaded and updated to the 2004-10-26 detections: no joy! Still stops with "cannot access file."

0

I got the same here. So I deleted Spybot and reinstalled it. I did NOT update. It is working fine. Hope Kolla fixes this mess soon, though.

0

I fixed it...... ok, here's the low-down first, I downloaded the update for spybot and got BO in my wininit.ini file.. I deleted my wininit.ini file and all other files with wininit.ini then, I restarted then Ran spybot got another listing called Cabrotor in my win.ini file deleted it and all other files with win.ini in it restarted ran spybot got another one... this time it was redlabel and it was in my system.ini file deleted it and all other files with system.ini in it restarted ran spybot and got a clean slate

0

This is making me very paranoid...loaded update 10-26-04 got the backorifice.b message...today a newer update is available 10-27-04 have made no changes from yesterday and get the congratulations no problem message, my wininit file is still there??did yesterdays update have a bad program writing in it? is there a real problem? ad-ware and Mcaffe dont find any problems now spybot says everything is normal! what happeded with yesterdays program-help or information desired am I compromised--Thanks

0

What? There is no new update on the website. It still shows Oct. 26th update. This is really frustrating. The computer I found it on has been riddled with problems. I have run every program out there and still have had problems with it. Mayeb someone can help. I started a few weeks ago using spybot and adaware. Removed all bad programs, and then installed SP2. It was working fine, but now a few weeks later, it can not connect to my serve. It tells me the connection is weak and it can not get assigned an IP address. The IP address it has is not even in the relm of one my serve would assign it. Is this a sign of hijacking? After this problem I ran Spybot again and got the backorifice.b message. Like everyoen else, it couldn't fix it because it was being used. Someone please help. I have 30 computers in my office, and i am getting ready to throw a couple out the windows.

0

Interesting. I ran Spybot and got the Backorifice.B message. I then went to update Spybot and it had a new virus definitions update to download of 10-14-04 ??? Strange.. this was lot earlier than the 10-26-04 that I just downloaded yesterday. I downloaded that 'new update' and ran Spybot and it reported a clean slate. Either there was a programming error or they just do not want us to know about that secret Big brother gov program running in the background ;) Makes you wonder...

0

went to another help site--the low down-the 10-26-04 had a error in from the programmer-today 10-27-04 if you update it again it flashes a command prompt window then everything works fine..no errors All who messed with the wininit yesterday -ah oh!.."It just seems to be a glitch with this update. It isn't saying it found something, only that it can't open a system file that's in use." so load new patch and "don't mess with wininit"

0

Correct!!! Patience is a virtue. The Spybot programmers fixed the problem apparently. Now the BO finding is gone and the scan is much quicker.

0

Yes, latest SpyBotSD does not have the Backorifice.B error message. However the DSO exploit does not really go away even though Spybot thinks it is fixed. A re-run will show the DSO exploit still there. Running in safe mode did not help either

0