Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

USERINIT LOGON BOX


  • Please log in to reply
36 replies to this topic

#1 dogmaryxx

dogmaryxx

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 22 June 2009 - 01:10 PM

Have annoying box(see below)that appears during boot up and will remain until I press close.Computer works fine but this irks me.Definitely not a virus.
Can anyone advise how to stop this.

Posted Image

BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,257 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:09:03 PM

Posted 22 June 2009 - 01:28 PM

Hi dogmayxx, welcome to BC! :thumbsup:

The userint program is an important Windows process. If it's failing then there's likely something afoot.

My research indicates that failure of this program as you've described may be the result of a malware infection. I advise you to run a full system scan with your antivirus and antispyware programs.

Let us know the results!

#3 joseibarra

joseibarra

  • Members
  • 1,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:12:03 AM

Posted 22 June 2009 - 01:43 PM

After a scan, if you see it again, click the more information option and screen shot that.

What is your operating system and service pack?

I am thinking it could be the wrong userinit.exe for your environment.

You can also get the version number by right clicking \windows\system32\userint.exe and choose Properties, Version.

Have you had some kind of logon problems in the past and maybe somehow you got hold of a replacement userinit.exe from somewhere/someone?

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#4 dogmaryxx

dogmaryxx
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 22 June 2009 - 03:35 PM

Definitely not malware/virus have scanned and scanned.I think slight misunderstanding,I do not log in,never have and can still access web no problem.Its just the box has appearer recent,never seen it before. XP IE8

Posted Image

#5 dogmaryxx

dogmaryxx
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 22 June 2009 - 03:38 PM

AND

Posted Image

#6 dogmaryxx

dogmaryxx
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 22 June 2009 - 04:29 PM

USERINIT version 5.1.2600.5512

#7 joseibarra

joseibarra

  • Members
  • 1,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:12:03 AM

Posted 22 June 2009 - 04:51 PM

That version matches my 2 XP Pro SP3s here.

Did you say you have had an issue with userinit or logons lately that resulted in any changes that may have brought this on?

You said you ran a scan, but with what tools? One scanner doesn't know everything so sometimes it is wise to use a couple.

My favorite free ones this week are:

Download, install, update and do a full scan with these three free malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
AVG (AVG): http://free.avg.com/


I think here at BC, the experts have their favorites as well.

My reading is leading me to dead ends, malware infections, sfc /scannows and worse, so if the scanning doesn't do it, I am going to have to think about it some more...

Edited by joseibarra, 22 June 2009 - 04:58 PM.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#8 dogmaryxx

dogmaryxx
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 23 June 2009 - 04:50 AM

Hi,

Have completed scans with http://www.kaspersky.co.uk/virusscanner

http://security.symantec.com/sscv6/home.asp also malwarebytes,iobit360,cccleaner,superantispyware,s pybot,hijack and avira.

ALL give clean bill of health

Did not know userinit existed until box appeared and have never logged on

Edited by dogmaryxx, 23 June 2009 - 04:55 AM.


#9 joseibarra

joseibarra

  • Members
  • 1,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:12:03 AM

Posted 23 June 2009 - 05:41 AM

Thank your for trying all that. There is NO way I can get that to happen to me here!

In spite of the fact that the version in the box is the same as my XP Pro SP3 it is still possible the executable itself is somehow corrupted.

Before replacing it, we need to find a replacement. I do things from a command prompt usually, so get yourself to a command prompt (Start, Run, cmd <enter>).

Depending on your SP (did you ever say?) there are likely to be some other copies of userinit.exe on your system.

Maneuver to the root of (c:\>) and enter:

dir userinit.exe /s

My results on two machines look like:

Directory of C:\WINDOWS\$NtServicePackUninstall$
08/04/2004 03:56 AM 24,576 userinit.exe <- original (blah!)
1 File(s) 24,576 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386 <- SP latest installation
04/14/2008 05:42 AM 26,112 userinit.exe
1 File(s) 26,112 bytes

Directory of C:\WINDOWS\system32 <- the one that XP is using
04/14/2008 05:42 AM 26,112 userinit.exe
1 File(s) 26,112 bytes

The one is 1836 is the latest and matches the one is system32 is the one XP is should be using. You might also have one in the DLLCACHE folder but I don't. Even running the old version by hand doesn't get me your error.

If I use Explorer check the Properties, Version of the files, the base version is the same, but the details of the version information is different for my old and current findings (hmmm).

If the one in your system32 is different, rename is to userinit.old ad copy in the one from i386 - or wherever you find one that matches what is in my system32 folder.

The location for the "good" one needs to somehow end up being c:\windows\system32

If you can't find one, you need to get one from another system that does not have this problem, or we can extract one from your XP installation CD or from a SP3 installation.

Edited by joseibarra, 23 June 2009 - 06:07 AM.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#10 dogmaryxx

dogmaryxx
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 23 June 2009 - 01:06 PM

Get this

Posted Image

Edited by dogmaryxx, 23 June 2009 - 01:08 PM.


#11 joseibarra

joseibarra

  • Members
  • 1,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:12:03 AM

Posted 23 June 2009 - 01:38 PM

I was not clear enough!

From your command prompt type: cd\ <enter> to get to the root of the C drive. The prompt should be:

C:\>

Then:

dir userinit.exe /s <enter> (the /s means to seach subdirectories).

A Windows Search will probably do the job, but sometimes I just don't trust it.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#12 dogmaryxx

dogmaryxx
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 23 June 2009 - 02:08 PM

Thank you for clarification,I am not a techie

Posted Image

#13 joseibarra

joseibarra

  • Members
  • 1,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:12:03 AM

Posted 23 June 2009 - 03:40 PM

Sigh. Looks like mine... except for the weird date stamps -14/04/2008?

I tried to set my userinit.exe to that date using some free stuff, but the free stuff won't let me use a month of 14.

So (and I'm running out of ideas :thumbsup: ) change to your c:\windows\system32 folder and just try to run userinit.exe from the command line. When I do it, I get an Explorer window. Same as my "older" version in the uninstall folder that looks like yours. Please try all three of yours and tell me what happens.

Depending on what happens, is there a way you can copy a userinit.exe into your c:\windows\system32\ folder from another computer with a good date stamp?

Hold on...

I did find this mention of userinit.exe with a date time stamp change:

http://vil.nai.com/vil/content/v_153124.htm

The sentence looks interesting: The original file modifies the time-date stamp to an older one for the files svchost.exe, userinit.exe and services.exe.

And, you may explore the Characteristics description to see if it matches you (it does not match me!)

I am not a big McAfee fan at the moment, but it might be worth it to download their stuff and giving it a shot - maybe before trying to merely copy a userinit.exe in with a better looking date.

Did you say you ran SuperAntiSpyware (SAS)?

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#14 dogmaryxx

dogmaryxx
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 23 June 2009 - 04:11 PM

weird date stamps -14/04/2008?
No its correct,I am in UK and thats the way its done.

Will run SAS again tomorrow and try your suggestions and report back

Many thanks for your time and effort

#15 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,257 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:09:03 PM

Posted 23 June 2009 - 04:39 PM

weird date stamps -14/04/2008?
No its correct,I am in UK and thats the way its done.


Yeah, the Brits do it backwards. 14/04/2008 = 4/14/2008




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users