Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Userinit.exe


  • Please log in to reply
6 replies to this topic

#1 CaLiFol2niCaTioN

CaLiFol2niCaTioN

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:24 PM

Posted 22 August 2008 - 02:21 AM

First off, thanks Grinler for the great tut on how to use Autoruns to optimize computers.

I managed to get everything to work and was about to uncheck userinit.exe when Autoruns gave me a popup box saying that unchecking userinit.exe will prevent me from logging on. Is this just the trojan or is the userinit actually legit? In the database it says that userinit.exe is malware, so I'm at a crossroads.

Thanks for reading!

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:24 PM

Posted 22 August 2008 - 09:35 AM

Userinit.exe is legitimate. When using the database you must check to make sure the paths in the database that are flagged as malware are the same as in autoruns.

For example, if it says in the database that C:\Windows\userinit.exe is malware and autoruns shows your userinit.exe in C:\Windows\System32, then they are different files.

#3 ndancosse

ndancosse

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:24 PM

Posted 28 November 2008 - 10:23 AM

so if u accidentally do uncheck this than how do u get back to recheck it?

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:07:24 PM

Posted 28 November 2008 - 11:51 AM

userinit.exe is a key process in the Windows operating system. On boot-up it manages the different start up sequences needed, such as establishing network connection and starting up the Windows shell. This program is important for the stable and secure running of your computer and should not be terminated.
userinit.exe should not be disabled, It is required for essential applications to work properly..


so if u accidentally do uncheck this than how do u get back to recheck it?

I'm not sure if you could get into Safemode. You'd probably have to do sfc /scannow or a repair install

Edited by garmanma, 28 November 2008 - 11:53 AM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 savethewhales

savethewhales

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 28 February 2009 - 01:42 PM

Hello, I have the file which I copied and pasted below shown in my autorun scan.

C:\WINDOWS\system32\userinit.exeUserinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe

The database shows several programs with filename userinit.exe listed as malware. The legitimate program, the one which plays an important role in startup, however, is listed as having filename AUserInit.exe, which, so far as my untrained eye can tell, does not match the file which I have pasted above. The filename is the same as the malware, but different than the filename of the legitimate windows file.
All of the malware with matching filenames however, are named, while this file does not have a name. Since the legitimate file also does not have a name, it seems that the file here has similarities to both the good and the bad matches nothing exactly. Does anyone out there have any advice?
Thanks in advance for any help you can offer.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:24 PM

Posted 28 February 2009 - 03:45 PM

C:\Windows\system32\userinit.exe is legitimate.

#7 savethewhales

savethewhales

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 28 February 2009 - 05:29 PM

Thank you very much.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users