What Is Wininit.exe And Why Is It Running

You’re probably here because you’ve seen Wininit.exe in Task Manager and you are wondering why it is running on your computer.  Worry not, typically this process is pretty safe, it is made by Microsoft, and is installed with Windows.  However, there is quite a bit of mystery revolving around this executable and many websites will tell you it is a virus.  Let’s look at this process with a little more detail.

Where winit.exe came from

Winit.exe (Windows Initialize) was made by Microsoft and is a core system process that originated in Windows XP since it has been passed down to both Windows 7 and Vista.  The file was created to allow uninstallers to run and process commands stored in the file WinInit.ini. This allows programs to take action while the computer is still booting up. In Windows 7 and Vista, it primarily acts as a launcher for the majority of the background applications that are always running.

The file is stored locally on your computer at:


If you find this executable stored in any other location, it is likely a virus that is disguising itself by using wininit.exe as its file name.

Should I disable wininit.exe?

No, wininit.exe is a critical system process the Windows requires in order to function.  Ending this process will likely result in a critical system error in which you’ll need to restart your computer.  As you can see in the chart below, wininit.exe is at the top of the process tree for all of windows services, including svchost.exe.

wininit in process explorer

Is wininit.exe dangerous?

On a brand new computer, wininit.exe doesn’t pose any threat at all.  However on older computers that have been in use for while there is the potential problem of a virus renaming itself to wininit.exe in the form of a malicious copycat disguise.  You should be fine though, as long as you have decent security software installed such as Microsoft Security Essentials.


Wininit.exe is a safe Windows executable that was put in place by Microsoft.  By itself, the program is not malicious.  The only danger is that the name can be copied by other programs in an attempt to mask the real virus, however, that can be said for nearly all programs.



  1. Ginny Martinez

    September 9, 2011 at 10:35 am

    I looked in Process explorer and wininit.exe is not there,
    You say it should be in c:\windows\system32 – it is not, searching i found it at c:\windows – Should it be moved to system32 folder??

    Yesterday it was at c:\documents and settings\oldeink\application data\wininit.exe

    Doing a restore got rid of it in the application data but it certainly is not at system32

    • Matthew

      December 21, 2015 at 12:34 am

      If a Windows core file is NOT in System32, but yet it should be, It is highly recommended you scan the file with a trusted software, like Norton or AVG!

      It is more than likely a virus, be careful.

  2. bill

    April 6, 2012 at 2:05 pm

    i have it in system32 and have issues with trojan hacker i dont no…

  3. Jacqy Ley

    August 18, 2012 at 4:53 pm

    My firewall showed warning about wininit.exe since it requested to
    receive information from other computer. I’m still suspicious about this

    • Steve Krause

      August 18, 2012 at 6:55 pm

      That’s interesting. What firewall were you running and what was the error warning msg?

  4. zul

    March 9, 2013 at 1:40 am

    ending a process of wininit.exe cause stop error to my computer

  5. sam

    April 16, 2013 at 9:52 am

    I am just learning about ports and port security. I noticed that I have lots of local ports whose status is “listening.”

    Two of them involved wininit.exe.

    I guess I have two questions – are listening ports open ports and a security risk?

    If so, wouldn’t it be stupid to make wininit.exe accessible this way considering it is one of the most important applications in windows?

    Here is an example, one of two involving wininit on my computer right now in listening” state:

    Process: wininit.exe
    PID: 564
    Protocol : TCP
    local address: (my computer)
    local port: 49152
    Remote Address: (my computer)
    Remote Port: 0
    State: LISTENING

  6. Jimmy

    April 9, 2016 at 3:19 pm

    How to CRASH windows, Go to CMD and run it as Administrator and ender credentials. Type in wininit and you SHOULD get a bsod (BlueScreenODeath). I think it only works on 32 bit devices tho. ;D hHhHhhHHahahah!

Leave a Reply

Your email address will not be published. Required fields are marked *


To Top