Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows startup and autoruns


  • Please log in to reply
4 replies to this topic

#1 DEATHlLINK

DEATHlLINK

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 14 December 2009 - 02:55 AM

I installed autoruns and I am new to it. I have looked at my task manager and msconfig startup to check startups but this has me wondering?
when I ran Autoruns it shows
HKLM\SOFTWARE\Microsoft\Windows NT|CurrentVersion\Winlogon\Userinit
C:\Windows\system32\userinit.exe Userinit Logon Application Microsoft Corporation

Now when I check this with the startups database this appears to be a spambot trojan?
Userinit Logon Application userinit.exe X Identified as a Spamtrojan variant.

Am I doing this correctly?

please advise

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Members
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:01:38 PM

Posted 14 December 2009 - 10:54 PM

You need to check the location of the file as well as it's identity.

This part: C:\Windows\system32\

To answer your question that is a valid file and should not be touched.

If that file was located elsewhere then we need to investigate.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+


#3 DEATHlLINK

DEATHlLINK
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 15 December 2009 - 01:20 AM

Ok good. So I need to check the location as well. There is alot of stuff listed by autoruns is that all stuff I need to check on the startup database?

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:05:38 PM

Posted 15 December 2009 - 12:34 PM

Whatever process you intend to disable, you better make sure what it is first
File location is just as important
You don't want you computer to become a doorstop

Edited by garmanma, 15 December 2009 - 12:37 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 DEATHlLINK

DEATHlLINK
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 15 December 2009 - 01:56 PM

Agreed. I was just advised by a friend to keep an eye on my processes. He told me if I learned about them and how to monitor them It is a great way to be able to tell if you are infected/hacked/etc. so I am trying to learn a bit more I'll wait on disabling or making any modifications until I am a bit more educated on the subject.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users