WININIGO.EXE - What is it?

[casanovafrankenstein]

Each time I connect to the web my firewall is asking if I want to let WININIGO.EXE access the internet and act as a server. I have declined.
Does anyone know what this app is? I can find no reference to it anywhere on the web, except for one entry in a 'HijackThis' log in this forum. Registry says it's Microsoft Update Machine and I'd like to believe it but I'm not convinced. Many thanks

 

[jbrackett]

Looks like it's part of a W32/Gaobot (aka WORM_RBOT.DM) worm variant. Suggest you check your AV software settings. More information at

http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_RBOT.DM

"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."

"Trent the Uncatchable" in The Long Run by Daniel Keys Moran

 

[casanovafrankenstein]

Thanks JB - just read your reply. I removed wininigo from the registry after turning off system restore. It kept coming back but after doing the registry clean for all the family accounts, it has finally gone. Norton Antivirus and Sophos did not recognise it which is a bit of a pain. Had trouble connecting to the web but sorted that out by killing msnmsgr and msmsgs(I just got a wireless router/firewall and need to get port forwarding sorted)

 

[bfralia]

Gaobot has been a real pain to the A/V companies because the code was posted somewhere on the web and a lot of different people have modified. The problem isn't so much finding the infecting files as it is finding the files creating them at start up.