
Is it OK to let Malwarebytes - "Remove" c:\windows\system32\userinit.exe ?



- If this is not the correct forum for this please direct me and I will repost - thanks

- I'm running XP-Pro and latest Malwarebytes with latest updates

- I read the instructions at "I'm infected. What do I do now?"

- Malwarebytes reported...

===== Start Report =====

Multiple threat dection

Infection list:

1

File name: c:\windows\system32\userinit.ece

Threat name: Trojan horse Downloader.Agent.ATHF

Detected on open

2

File name: c:\windows\system32\userinit.ece

Threat name: Trojan horse Downloader.Agent.ATHF

Detected on open

Details:

1 Process Name: C:\Malwarebyes' Anti-Malware\mbam.exe

Process ID: 4476

2 Process Name: C:\Malwarebyes' Anti-Malware\mbam.exe

Process ID: 2304

===== End Report =====

- I chose "Ignore" (because I had read somewhere else that "removing" userinit.exe would prevent you from logging on later)

- Then Malwarebytes reported the scan was complete and showed two registry errors

- (BUT no file errors... which seems to conflict with the report above)

- Should I have chosen "Remove threat as Power User" or was it correct to choose "Ignore"

Here is the log:

===== Log start =====

Malwarebytes' Anti-Malware 1.33

Database version: 1687

Windows 5.1.2600 Service Pack 3

1/26/2009 10:11:44 AM

mbam-log-2009-01-26 (10-11-36).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 167717

Time elapsed: 47 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\userinit.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: system32\userinit.exe -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

===== Log end =====

- Should I choose "Remove Selected" for the two registry keys shown above?

- How can I get this Trojan off this machine? I read fixing the file userinit.exe is difficult and risky. Some say run sfc.exe /scannow with original xp-pro cd in machine... but this Toshiba laptop only comes with an "image" and Toshiba told me it will only restore the entire system... so I lose data and have to reinstall all apps.

Thanks for any help on this.
