Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
2 replies to this topic

#1 KenH


  • Members
  • 2 posts
  • Local time:12:44 PM

Posted 31 December 2005 - 04:26 PM

I used autoruns and the first entry listed is:

AUTORUN ENTRY: C:\WINDOWS\system32\userinit.exe

DESCRIPTION: Userinit Logon Application

PUBLISHER: (Verified) Microsoft Windows Publisher

IMAGE PATH: c:\windows\system32\userinit.exe

I found this in the startup database:

This is an undesirable program.

This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.

If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums.

Name: 1qaw3edr5
Filename: userinit.exe
Command: C:\WINDOWS\system32\userinit.exe
Description: Added by the Troj/Kbroy-B keylogging Trojan.
File Location: %System%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
HijackThis Category: O4 Entry

Is this the same program even though the descriptions are different and is from (verified) Microsoft Windows Publisher?

I want to check before I delete it.

Thank you.

BC AdBot (Login to Remove)


#2 Grinler


    Lawrence Abrams

  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA
  • Local time:12:44 PM

Posted 31 December 2005 - 05:31 PM

That is a legit file. Generally when its verified as microsoft's is legit. This entry is also started from a different location in the registry as its supposed to.

#3 KenH

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:44 PM

Posted 31 December 2005 - 06:16 PM

OK, Thank you


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users