Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

userinit.exe keeps showing up as infected


  • Please log in to reply
1 reply to this topic

#1 PCMan55

PCMan55

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:25 AM

Posted 04 October 2017 - 02:12 PM

I would like to start by admitting that I ran Combofix without being instructed to do so, sorry about that. It found an infected copy of c:\windows\system32\userinit.exe and disinfected it. Next time it didn't find anything, but recently the infected copy was found again and disinfected. Thus whatever is infecting userinit seems to reappear not long after removal. Very grateful for any advice.



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,572 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:25 PM

Posted 04 October 2017 - 02:19 PM

Post your ComboFix log in the Malware Removal Logs forum...or better yet, follow the instructions for running FRST and initiate a new topic...in the forum which reflects the following instructions:  Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html, Steps 6-8 of the Prep Guide.

 

Once that is done, this topic will be closed to avoid confusion and you should take all instructions provided in your new topic.

 

Thanks :).

 

Louis


Edited by hamluis, 04 October 2017 - 02:21 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users