Userinit.exe created Friday March,13,2009.....infection

Soarin

2[H]4U
Joined
Jul 23, 2010
Messages
2,489
Hey folks, working on a PC with an infection, and when the PC starts it loads high contrast fonts, sticky keys and whatnot. Also, Userinit.exe created Friday, March 13, 2009.....that seems odd. There is a registry key that no matter what keeps recurring, and it is hklm/software/microsoft/windowsnt/winlogon userinit.exe, SKEYS.EXE /I.....Looks suspicious to me. Only just started removal process and not touching this file until I get some clarification.
 
Pretty safe bet the machine has been compromised. If you can get into Safe Mode (Command Prompt only), run the following command and make sure to have the XP installation CD handy:

sfc /scannow (then press Enter and follow the prompts as required)

If any of the system files are corrupt, it'll tell you and request the originals from the CD (I'm betting there's gonna be a ton of 'em).
 
Oh yeah, I know it's been compromised. I can get into Safe Mode, but this bugger did it in Safe Mode also. I finally ran Kaspersky Rescue 2010 CD and found a few things, and used TR and it stopped the registry key. When I left it, a-squared was running and SUPERAntiSpyware just finished. I am wondering, now that I think of it, could this infection have been a logic bomb? Only reason I ask is because that date is too weird.
 
OK, new update on this: Trojan Remover says that %root%windows/system32/userinit.exe is performing suspicious activities on startup, and it references that reg key. Now, I ran a slew of programs at it and I finally got it to not make me hold down (insert key here) to make it type. But TR still sees that key.
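
A check for the Winlogon Userinit value discussed in this thread, added here as an example and not posted by anyone in the thread. It assumes the full key path HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, a Windows directory of C:\WINDOWS, and the stock XP value of C:\WINDOWS\system32\userinit.exe followed by a comma; audit_userinit and read_userinit are names made up for the example.

```python
import ntpath
import re

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def read_userinit():
    """Read the live value; works only when run on Windows."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]

def audit_userinit(value, system_root=r"C:\WINDOWS"):
    """Return (entry, reason) for every entry that is not the stock userinit.exe."""
    stock = ntpath.normcase(ntpath.join(system_root, "system32", "userinit.exe"))
    findings = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue  # the stock value ends with a comma, so the last item is empty
        # The program is the quoted string, or else the first whitespace-delimited token.
        m = re.match(r'"([^"]+)"|(\S+)', entry)
        program = m.group(1) or m.group(2)
        # Expand the variables commonly used for the Windows directory.
        program = re.sub(r"%(systemroot|windir)%", lambda _: system_root,
                         program, flags=re.I)
        path = ntpath.normcase(ntpath.normpath(program))
        if path == stock:
            continue
        if ntpath.basename(path) != "userinit.exe":
            reason = "additional program started at logon"
        elif ntpath.dirname(path):
            reason = "userinit.exe outside system32"
        else:
            reason = "bare file name instead of the full system32 path"
        findings.append((entry, reason))
    return findings

if __name__ == "__main__":
    # Constructed samples: the stock value, then the value quoted in the first post.
    for sample in (r"C:\WINDOWS\system32\userinit.exe,", "userinit.exe, SKEYS.EXE /I"):
        print(repr(sample), "->", audit_userinit(sample) or "stock")
```

On the affected machine, `audit_userinit(read_userinit())` runs the same check against the live registry value.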
 