Jump to content

removed this file as advised


Recommended Posts

During a scheduled scan last night I received an indication that trojan pws was present.

I took the action to delete the indicated entries.

-----------------------------------------------------------

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.PWS) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.PWS) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

------------------------------------------------------------

I checked quarantine expecting the file to be there in case I needed to restore. It is not.

I then read that this file should never be deleted because you cannot log in or out of your system without it. However, my system appears to be working fine. I have booted it and logged in several times. Can someone tell me whats happening?. Do I need this file?

Thank you

Link to post
Share on other sites

Hello kevm ,Welcome to Malwarebytes.org :D !

Malware can disguise itself as legit Windows applications. The file here was quarantained, and deleted during reboot.

Normally, if you do a quick scan and it does not find anything, you should be fine.

If you want to be sure, you can follow the steps below:

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites

Hello kevm ,Welcome to Malwarebytes.org B) !

Malware can disguise itself as legit Windows applications. The file here was quarantained, and deleted during reboot.

Normally, if you do a quick scan and it does not find anything, you should be fine.

If you want to be sure, you can follow the steps below:

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Thanks. I sent it over to support. I do have the licensed version

Take care

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.