Removing the WinIk Trojan

This trojan appears to be installed by a system driver winik.sys which loads on boot-up. In the course of running it creates a random directory in the Program Files folder, and then starts a randomly named exe file multiple times, until, basically, the machine locks up.

I tried several of the suggestions found in several threads.What finally worked was:

1. Boot computer with floppy disk from Windows 98.
2. Delete C:\WINNT\SYSTEM32\Drivers\winik.sys
3. Delete c:\Program Files\XXXXXXXX where XXXXX is the folder containing

(substitute the names of the actual directories/files)

4. Reboot machine
5. Clean registry with CCleaner.
Repeat step 5 until it shows that all the bad keys have been deleted. I had several thousand.
6. Rescan using Microsoft Anti-Spyware, Ad-Aware, and Spybot
All three showed different problems (!)


1. By booting with Win98 I was able to access the files on the C: drive on the Windows 2000 Professional drive FAT32.
If it had been NTFS, I might have stayed further in the soup, but it appears that Win98 successfully ignored any file attribute settings or any settings based on Windows security.

2. Before doing any of this, I would give serious consideraton to reformatting the hard drive, and reinstalling everything.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s