Hi, earlier this morning I was online streaming music video's in the background while I was working on some homework. When one of the songs ended, I wanted to hear some lyrics repeated so I went to move the clip position icon from the end back to the middle. When I moved this, my computer froze up for a couple of seconds and then about 5 or 6 Firefox windows popped up saying I was infected and that I had a problem with security on my computer. I figured this was fake as it was telling me that I had the problem yet still it had changed my settings. When all the windows popped up, I quickly closed every application that I had open and I was going to run a McAfee Virus Scan. Once I had closed Firefox, it started to update to a newer version. I feared that this was some sort of malicious software being installed so I cold shut down my computer by hold the power button for 5 seconds. I let the computer sit for a couple of seconds and then restarted it. The computer ran slow and there were pop-ups everywhere about how the comp. was infected. (After some research I found out that a program called fraud.XPantivirus was the cause of this particular problem) With the hold of my girlfriend we downloaded "Spybot S&D" to get rid of all the problems. This got rid of most but left about 4 or 5 that would come back even after restarting the computer when it said it had been fixed. I found a lot of posts that recommended "Malwarebytes anti-Malware" so I installed this and and ran the program. this took care of the fraud.XPantivirus program and the others found by the spybot S&D but found several more problems that it was able to fix and two that it couldn't fix. After having Malwarebytes say it was fixed, it would re-appear when the computer was rebooted. I tried to get rid of it several times as well as running the virus scan a couple of times. Nothing got rid of it. I then searched online and found an almost exact problem description as mine between two bleepingcomputer users Amandinxia and Thunder on Jan. 18th 2009. so I decided to post the problem here. From running the malwarebytes program, these are the two items that kept popping up every time I ran it (the exact error as the other user).
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
How do I get rid of these items? I thought about trying the exact solution posted in response to Amandinxia but as this user was posting file logs which were specific to her problem, I wanted to know If I should do the same. Also, this user posted a dds.txt log and I don't know how to do that. I would like to get rid of these items as it would be nice to have a clean computer again. Please help...and thank you in advance.
Edited by garmanma, 10 March 2009 - 09:46 AM.