Curse

Koranex · Feb 09, 2006, 04:56 PM // 16:56

My PC suddenly became really, really slow a few days ago. I Ctrl Alt + Del'ed
and a userinit.exe file came up. I don't know what to do with it. I know it's definately the problem, but i'm quite young so don't know how to remove it. AVG and Norton Don't seem to be removing it

Any Help?

Kaguya · Feb 09, 2006, 05:01 PM // 17:01

It doesn't eat any CPU cycles atleast...

Quote:

Originally Posted by http://www.liutilities.com/products/wintaskspro/processlibrary/userinit/

Userinit.exe is a key process in the Windows operating system. On boot-up it manages the different start up sequences needed, such as establishing network connection and starting up the Windows shell. This program is important for the stable and secure running of your computer and should not be terminated.

Note: userinit.exe is also a process which is registered as the Satiloler Trojan. This Trojan allows attackers to access your computer, stealing passwords, Internet banking and personal data. It is a registered security risk and should be removed immediately.

Seeing that I don't have userinit.exe running, nor I don't recall seeing it ever before, I'd get my virus scanner installed and scanning now.

Changing all password after scanning isn't a bad idea either. Tho if antivirus programs don't find it.. Hum

Description and removal instructions from Symantec

Quote:

It has been reported that the Trojan is downloaded by malformed WMF files that utilize the Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability

Also run windows update (http://windowsupdate.microsoft.com) to fix atleast this security hole, and multiple others.

cannonfodder · Feb 09, 2006, 05:45 PM // 17:45

Userinti.exe is a windows process that manages various boot up processes. However it can also be a mask for Satiloler Trojan, this virus can access your passwords and banking details. As you have 2 I would hazzard a guess that your PC is infected. Use the above link for the removal advice.

Josh · Feb 09, 2006, 06:16 PM // 18:16

Presumably the 1 using 5,616K of resources.

I'd suggest to stop the porn.

Nazo · Feb 09, 2006, 08:17 PM // 20:17

Quote:

Originally Posted by Josh

Presumably the 1 using 5,616K of resources.

5MB of memory isn't exactly much to worry over.

I wouldn't freak out about userinit.exe just yet. Run virus scans, but, install your AV software to custom folders, not the default ones. A few virii are beginning to attack the most common AV software, especially when it's in the default folder. You might also try a less common one such as ClamWin. You might want to try a program such as "Security Task Manager" (sorry, this one's commercial, but, the trial period should suffice for this purpose) which will tell you the risk level of many of your processes including often a mention of whether they are a common mask for virii or not. Something like userinit.exe is a fundamental process, so it could be a mask for a number of virii, but, few are going to target something so obvious since it tends to be protected a little better. The main point here is it's not specific to the one virus they mentioned.

There's another possibility you should be made aware of. Windows is, by default, set to automatically download updates, and many people select the option to automatically install such updates as well so they don't have to do it themselves. I once made the mistake of doing this. I say once and mistake because MS made me change my mind in a hurry when one of their automatic updates slowed my computer to an absolute crawl. It took me FOREVER to track down the cause. Uninstalling that particular hotfix update got me back to smooth running again, but, I learned my lesson. Since then, I've stuck with running a good firewall on my computer, disabling automatic updates, and only ever downloading and installing any updates that are actually necessary (such as that hotfix for the bad worm before the service pack fixed it.) I've had one virus in the time since then (more than a year, I think actually more like two now) and that was because I accidentally ran something I knew was iffy. ClamWin's ability to scan a single file as an option on right click teamed up with the fact that it seems rather unlikely any virus will ever target such an unpopular AV software has kept me from getting anything since. Many AV softwares will offer the right click thing, so make a habit of using that on practically anything downloaded that's at all questionable. I'm afraid you're going to have to disable that always running thing that checks everything all the time though. Those have a tendency to seriously interfere with gaming.

BTW, don't forget spyware. Ad-Aware and Spybot S&D are both free programs which will scan for spyware (though Ad-Aware went commercial a while back so may offer less features in it's free version now.) Spyware can slow a system and is as bad as a virus, but, since most aren't directly hazardous to non-gamers, AV software will only pick up one or two rare ones that are bad enough to slow the whole system. Running Spybot S&D every now and then (in particular I like the "immunize" option though I wonder at it's effectiveness) can catch some stuff that people don't even know they have and help with gaming especially.

Josh · Feb 09, 2006, 09:44 PM // 21:44

No, I meant Nazo said that he has 2 of the Userinti.exe's running so 1 must be the infection, so I said I presume the 1 using the most resources is the infection.

Nazo · Feb 09, 2006, 11:48 PM // 23:48

Oh, that's not so unusual. Probably has a seperate one for each thing that has to run under that process. Take a look at svchost.exe and the absolute mess it makes for us all some time. Now THERE'S a definitive threat for you. Anything could be running and you'd never know because there will pretty well always be a bunch of svchost instances going, which could be anything since all you know is it's running via svchost.

Koranex · Feb 10, 2006, 12:37 PM // 12:37

I updated norton and it deleted it, FINALLY

Thanks For Your Help Everyone. And Nazo I think thats for my proxy. :S

Old Dood · Feb 10, 2006, 01:06 PM // 13:06

Quote:

Originally Posted by Josh

I'd suggest to stop the porn.

Funny! However, 9/10 times that IS the cause of most people's infection problems...

Koranex · Feb 10, 2006, 07:59 PM // 19:59

Probably was the cause :S , You never know