
userinit.exe vs Malwarebytes 1-0 Windows 7 !! :/


ayashi


I use Windows 7 64 bit, and about an hour ago I couldn't open my programs from Rocket Dock, and lost complete functionality in my Control Panel/Add and remove Programs. Flash scan turns up:

Immediately afterwards the log reads:

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Antivirus2010) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Antivirus2010) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

I also received a notification of an IP trying to get in:

02:27:56 Owner MESSAGE Protection started successfully

02:27:59 Owner MESSAGE IP Protection started successfully

02:39:57 Owner MESSAGE Protection started successfully

02:40:01 Owner MESSAGE IP Protection started successfully

02:46:09 Owner IP-BLOCK 67.215.229.230

02:55:59 Owner MESSAGE IP Protection stopped

02:55:59 Owner MESSAGE IP Protection started successfully

02:57:46 Owner MESSAGE IP Protection stopped

If I scan again, it will appear to be gone. I still cannot use half of my features or the control panel. I've tried various system restores from over a month ago but with no success, the thing won't die. AVG doesn't even FIND it. I've got my restore CDs but as Gateway's *&$#*&(@$*& software would have it, it hangs on the third disk at "Restore Progress...." and my only other option is a total reinstall. Can anyone help me? My tech knowledge level is about average.

Thanks gang
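Added example, not part of the original post and not Malwarebytes code: a Python sketch that parses the two log lines quoted above and grades each Userinit data value against the stock Windows value, which is `C:\Windows\system32\userinit.exe,` with a trailing comma. The log layout in the regex is inferred from those two lines only, and a `C:\Windows` install path is assumed.

```python
import ntpath
import re

# The two "Registry Data Items Infected" lines quoted in the post above.
LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Antivirus2010) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Antivirus2010) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
"""

# Layout inferred from those two lines: key (detection) -> Data: value -> action
LINE = re.compile(
    r"^(?P<key>HKEY_[^(]+?)\s+\((?P<name>[^)]+)\)\s+->\s+"
    r"Data:\s+(?P<data>.*?)\s+->\s+(?P<action>.+)$"
)

# Assumption: Windows lives in C:\Windows. The stock Userinit value is this
# path followed by a trailing comma.
STOCK = r"c:\windows\system32\userinit.exe"


def parse_log(text):
    """Return one dict (key, name, data, action) per recognised log line."""
    return [m.groupdict() for m in map(LINE.match, text.strip().splitlines()) if m]


def classify_userinit(data):
    """Split a Userinit value on commas and grade every command in it."""
    findings = []
    for cmd in (c.strip().strip('"') for c in data.split(",")):
        if not cmd:
            continue  # the trailing comma of the stock value leaves an empty item
        norm = ntpath.normpath(cmd).lower()
        if norm == STOCK:
            findings.append((cmd, "stock"))
        elif ntpath.basename(norm) == "userinit.exe":
            findings.append((cmd, "userinit.exe at non-stock or relative path"))
        else:
            findings.append((cmd, "extra program run at logon"))
    return findings


def triage(text):
    """Pair each detection and the action taken with the graded value data."""
    return [(e["name"], e["action"], classify_userinit(e["data"])) for e in parse_log(text)]


if __name__ == "__main__":
    for name, action, findings in triage(LOG):
        print(name, "|", action, "|", findings)
```

A "stock" grade on a value that was then deleted means Winlogon has lost its normal logon initializer, so the value itself needs checking after the scan, not only the scan result.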


If there's an edit button and I'm missing it then feel free to ridicule me. I was looking at some other posts that mention other like-software they have installed. I have CCleaner and Licensed AVG Internet Security 2011 (which I'm still laughing did not detect this)


I must be on at a really bad time of night or something. I ran both AVG and MBAM scan/removals in safe mode, rebooted and got the same result as before.

Attempting the 'repair' feature on the restore disks, providing it doesn't hang on disk 3 as it has been known to.

I hope this is at least somewhat entertaining for some of you out there :D


It hung at "Please wait a moment..." at stage 5/6 "Restore Progress" on the third disk. The "..." are moving though, as if loading.. ... ... ...... etc.

A "moment" has been six minutes so far. This thing is tragic. Hope one of you techs wake up soon :|

You are posting at the wrong place, this is for posting new rogue samples

help with malware removal is here http://forums.malwarebytes.org/index.php?showforum=7


Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.


Thanks Gammo, but I backed up everything and reformatted about 48 hours after posting--my place of business can't halt production especially with the apparent lack of promptness; not that it's your fault, but I DID pay a license fee for this software, which DID identify the virus/malware, stated that it was removed successfully, then apparently did NOT succeed after making me restart.

I did ask for information regarding refunds, but that process seems even more hectic than the removal of this nuisance malware in the first place :/

I still really like Malwarebytes, but if it can identify the problem it should be able to remove it. "If you can touch the ball you should be able to catch it."

Nonetheless, I appreciate someone with what looks like a viable solution getting back to me on this, even if it was about a week later.

T
