Posted 31 December 2005 - 04:26 PM
I used autoruns and the first entry listed is:
AUTORUN ENTRY: C:\WINDOWS\system32\userinit.exe
DESCRIPTION: Userinit Logon Application
PUBLISHER: (Verified) Microsoft Windows Publisher
IMAGE PATH: c:\windows\system32\userinit.exe
I found this in the startup database:
This is an undesirable program.
This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.
If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums.
Description: Added by the Troj/Kbroy-B keylogging Trojan.
File Location: %System%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
HijackThis Category: O4 Entry
Is this the same program even though the descriptions are different and is from (verified) Microsoft Windows Publisher?
I want to check before I delete it.