Can't remove userinit trojan horse
Every time I boot, the file userinit.exe appears in the root directory and in the startup folder of the start menu, and is a running process. AdawareSE, Spybot 1.4, AVG Anti-spyware, AVG 7.5 and Easycleaner are my normal tools that are ineffective in this case. A useful remedy would be greatly appreciated!
This is not a comment.
I have the same problem. I cannot get into my computer. Every time I try it goes to "owner"; when I click that, it simply logs me out, making the computer useless. I am totally ignorant of most of the replies I've read in response. What do y'all think I should do?
Thanks James
FOR ANYONE WHO HAS DELETED USERINIT OR ITS REGISTRY KEY!
I.e., has the problem where your computer auto logs off as soon as you log on, even in safe mode.
Download BartPE (Google it).
Use your Windows install disc (can't be a modified nLite installation) as the source files for BartPE.
Now select the place where the files will be made and click Build.
Boot your computer from this CD.
Click on the GO button (a version of the Start button).
Click on Run.
Go browse and now you can copy and paste the userinit.exe file if you deleted it (I also believe BartPE has network support, although I have never used it before, and you may be able to start a browser too to download the file, or just get it on a CD from a friend).
You can also start regedit and load the registry hive (from your "DeadWindowsHDD":\windows\system32\config).
Load the file called Software and then choose any key name (can't be one already used in regedit).
Navigate through the registry key you loaded and named and put back the userinit value.
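The registry part of the procedure above, scripted with reg.exe instead of the regedit GUI, as an added example that is not part of the original post. It assumes the unbootable installation is visible as D:\WINDOWS from the rescue CD, that reg.exe is available in that environment, that the installed system sees itself as C:\WINDOWS when it boots, and it uses a temporary key name (OfflineSoftware) chosen for illustration.

```bat
@echo off
rem Added example: restore the Winlogon Userinit value in an offline SOFTWARE hive.
rem Assumptions: dead Windows install is mounted as D:\WINDOWS, reg.exe is present
rem in the rescue environment, and the installed system boots as C:\WINDOWS.
setlocal
set OFFLINE=D:\WINDOWS
set HIVE=HKLM\OfflineSoftware
set KEY=%HIVE%\Microsoft\Windows NT\CurrentVersion\Winlogon

rem Refuse to continue if the hive is not where we expect it.
if not exist "%OFFLINE%\system32\config\software" (
    echo SOFTWARE hive not found under %OFFLINE%
    exit /b 1
)

rem The registry value is useless if the binary it points to is still missing.
if not exist "%OFFLINE%\system32\userinit.exe" (
    echo userinit.exe is missing from %OFFLINE%\system32, copy it back first
    exit /b 1
)

rem Mount the offline hive under a key name not already in use.
reg load %HIVE% "%OFFLINE%\system32\config\software" || exit /b 1

echo Value before repair:
reg query "%KEY%" /v Userinit

rem Windows XP default: full path to userinit.exe followed by a trailing comma.
rem The path is written as the installed system will see it at boot, not as D:.
reg add "%KEY%" /v Userinit /t REG_SZ /d "C:\WINDOWS\system32\userinit.exe," /f

echo Value after repair:
reg query "%KEY%" /v Userinit

rem Always unload, otherwise the hive file stays locked and changes may not flush.
reg unload %HIVE%
endlocal
```

If the "before" query shows anything other than the System32 path, note it down before it is overwritten: it is the program that was being launched at every logon.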
After userinit was removed by ThreatFire, my system (running under XP Pro) simply re-boots as soon as the user or admin password has been entered. Even safe mode will not come up.
I have a second boot (an earlier version of Win XP Pro) which boots fine. Running AVG, PCTools AV and ThreatFire have not found a solution.
Any ideas please? Other than the obvious one of re-formatting and re-installing windows.
Anonymous
Just wondering: how do you know it's a trojan horse? Have you tested CRC with the runscanner app? What's the result? It seems to me that if the only thing you want to do is to disable the automatic startup, you can use msconfig, Sysinternals Autoruns or any other startup manager for that purpose.
As far as I know the legitimate userinit.exe program is supposed to reside in the windows/system32 directory. The userinit.exe program on my son's system is in the startup folder in the start menu and in the root directory. I erase them and they re-appear after booting.
I'm not familiar with the runscanner app. I will give it a try.
I don't use userinit, I was just asking. But usually apps DON'T reside in the /system32, but in the /program files folder. It seems to me you must improve your defense A LOT, I would see - at least - this site's firewall, antivirus and antispyware sections. With antivirus and antispyware it's important you keep them updated, and Windows should also be properly patched.
Hi
I think an outbound firewall is not necessary for most users, unless it also has a HIPS component. Too much trouble and too little gain in protection. A good preventive strategy like a sandbox (Sandboxie, GesWall, maybe HauteSecure) with a behavioural blocker (ThreatFire, DriveSentry, DSA, or HIPS with firewalls like Online Armor) with an anti-virus and a few on-demand scanners is a light and easy to use setup which is very secure. And yes, as you said, updating like with Secunia and Windows Update.
See also here:
http://www.runscanner.net/files/exe/userinit/userinit.exe.aspx
and here:
http://www.techsupportalert.com/best-free-adware-spyware-scumware-remove...
I downloaded SAS as suggested, ran it and deleted all of the numerous files it found. Now my system won't boot. When attempting reboot, I get the blue screen with the following message:
stop: C0000135 {Unable to locate Component}
This application has failed to start because baseiobs32 was not found. Re-installing the application may fix the problem.
Have any SAS users had it go too far? What did you do to recover your installation?
Hi
One option is just reinstall Windows again. With a computer full of malware and errors it could actually be easier than fixing it all up.
Try to boot in safe mode (F8 while booting) before reinstallation, and then use System Restore. Do you have a Windows CD? Try the startup repair - not sure if this is available in XP - and if that doesn't work, use System Restore from the CD.
But I also agree with Someone.
The system won't boot in safe mode so that's not an option. I have an early OEM XP disk. System recovery is supposed to be iffy with OEM OS disks. Re-install is painful. I'm thinking to try making a UBCD4win boot disk per an article on this site. I'll need to make the disk on another system. I'm not sure if the disk will be portable.
It may be that the system is infected, but it wasn't any infection that put me in this predicament. It was using SAS. SAS recommended that I eliminate a file or files that caused the system to be unable to boot even in safe mode. I'm going to think twice about using SAS in the future.
I haven't experienced any problem with SAS, but I NEVER get any nasties while scanning. That problem is not specific to SAS, ANY state-of-the-art anti-malware can do that; although they are extensively tested they are not 100% risk free. If I were you I would think on a good defense instead, because "prevention is better than the cure".
Hi
Well the user will need to fix the current problem before they focus on the prevention.
Of course!
http://www.google.pt/search?q=C0000135+&ie=utf-8&oe=utf-8&aq=t&rls=org.m...
I would start updating those tools and scanning again. If that doesn't work try SAS and/or MBAM.