Spyware, Viruses, & Security forum

General discussion

Userinit.exe infected

Hello,
I put a problem in the new Dell forum but now I'm also getting some bad stuff I can't get rid of. I updated MBAM and ran a quick scan. It found 48 things! I removed them and it had to reboot to finish deleting, but I still have this skfjkhcdcsh.com trying to connect. I have a problem with the DEP Data Execution Prevention and COM SURROGATE and had to disable DEP completely.

One thing I read is to delete the userinit.exe from Windows/system32. Is that ok to do? That file comes up as infected.

Oh, I have a Dell Inspiron 6000 notebook w/ Win XP sp2. Anything else you need to know?

Thanks very much!
Thanks

Discussion is locked
Viruses

In reply to: Userinit.exe infected

Hi volvogirl,

I was getting ready to answer your post in the other forum and then noticed your update. Are you accessing this forum from the infected computer (i.e. the one that you ran MBAM on) or a different one? Is the one that you ran MBAM on the same one as in your other post? Also, how is the computer that you mentioned in the Dell forum post connecting to the internet? Most important of all, do not do anything else until advised.

Thanks for helping me

In reply to: Viruses

No, I'm using my desktop. I took the notebook offline. I tried MBAM in safe mode. It keeps finding the 2 userinit.exe infections and says it cleans them but it keeps coming back. Also we found good reviews of Avira program so I downloaded & saved it on mine and copied and installed it on the notebook. It's running a scan now. But the skfj.....com keeps trying to connect to the internet. And it keeps popping up saying virus is detected run a scan. Everything I find on the internet says to remove userinit.exe. But I'm scared to because it's a system file.

Userinit.exe

In reply to: Thanks for helping me

You are correct, you should not delete userinit.exe because it is a system file. Were you getting that message that you had a virus prior to disabling the Data Execution Prevention or did it start after that?

I'm back...You still up?

In reply to: Userinit.exe

I think I was getting it before. Well the Avira found 3 things but I still have the skfj....com and the popup Alert-You have a security problem Do you want to scan? I read something about excluding? that s..com website from my internet. How & should I do that?

OK what's my next step?

What about the DEP?

In reply to: Userinit.exe

Is my original DEP-Com Surrogate problem part of all this or can we fix it separately so I can turn it back on?

DEP

In reply to: What about the DEP?

I'm hitting the sack in just a few but if no one has picked this up by the next time that I check, I'll see if I can find someone to look at it. As for the DEP, disabling it may have caused the program to activate. DEP is used to keep out-of-date and rogue components from executing, sort of like User Account Control in Vista. It would be a good idea to turn DEP back on, restart the system and then see what happens. This MS article will explain a little more about DEP (http://support.microsoft.com/kb/875351) but it would be best to wait until someone is available to advise you on the next steps before doing anything else.

Thanks, William

In reply to: DEP

volvogirl, I've been asked to take a look at this thread.
You have a serious infection on there. Unfortunately, MBAM has not been as effective lately as it was in the past. You will need to do some additional cleaning. In addition, your userinit.exe is infected and needs to be replaced. Please follow William's advice. I suggest that you post at the Malware Removal forum at Dell: http://en.community.dell.com/forums/3521.aspx

Hi Bugbatter!

In reply to: Thanks, William

Nice to talk to you again. You've helped me with my husband's Inspiron 6000 before. But I think this time we will try to do the Ctrl F11 thing and do a factory restore. It's 4yrs old and extremely slow. Takes like 10min to boot and 5min whenever you click anything.

Could I replace his userinit.exe with the one from my desktop? And to re-enable(?) the DEP, I guess I just put the "OptIn" back instead of the "AlwaysOff" I replaced it with. Do I need the /fastfind part after it?

DEP Revisited

In reply to: Hi Bugbatter!

volvogirl,

Did you use information from a link to disable DEP and do you still have that link? I'd like to look at it to see how much it differs from what I am seeing on Microsoft's site, that is if you weren't using an MS link. The page that I'm looking at doesn't mention FastFind at all.

No I got it here...

In reply to: DEP Revisited

Maybe it said /fastdetect.

In reply to: No I got it here...

I looked at my desktop boot.ini file and it says optIn/fastDetect not fast find.
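
An added example, not part of the original thread: a small audit of the `boot.ini` edit discussed above, showing that the DEP policy and `/fastdetect` are separate switches, so re-enabling DEP means changing only the policy value. It assumes the policy is carried by the `/noexecute=` switch (the thread names only its values, OptIn and AlwaysOff); the sample file is constructed, and the function names are illustrative.

```python
import re

# Values accepted by the /noexecute= switch in boot.ini (Windows XP SP2).
DEP_POLICIES = ("OptIn", "OptOut", "AlwaysOn", "AlwaysOff")

# Constructed sample, not taken from the poster's machine.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
'''

def audit_boot_ini(text):
    """Return one finding per entry under [operating systems]."""
    findings, in_os = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
            continue
        m = re.match(r'[^=]+="([^"]*)"(.*)$', line) if in_os else None
        if not m:
            continue
        # Switches start with "/" and may be written with or without spaces.
        switches = re.findall(r"/[^/\s]+", m.group(2).lower())
        dep = next((s.split("=", 1)[1] for s in switches
                    if s.startswith("/noexecute=")), None)
        if dep is None:
            status = "no /noexecute switch"
        elif dep == "alwaysoff":
            status = "DEP disabled"
        elif dep in (p.lower() for p in DEP_POLICIES):
            status = "DEP enabled"
        else:
            status = "unrecognized policy"
        findings.append({"entry": m.group(1), "dep": dep, "status": status,
                         "fastdetect": "/fastdetect" in switches})
    return findings

def set_dep_policy(text, policy="OptIn"):
    """Rewrite only the /noexecute value; every other switch is left alone."""
    if policy not in DEP_POLICIES:
        raise ValueError("unknown DEP policy: " + policy)
    return re.sub(r"(?i)(/noexecute=)[a-z]+", lambda m: m.group(1) + policy, text)

if __name__ == "__main__":
    for finding in audit_boot_ini(SAMPLE_BOOT_INI):
        print(finding)
    print(set_dep_policy(SAMPLE_BOOT_INI))
```
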

Another question I just remembered

In reply to: DEP Revisited

How do I put on updates to MBAM, AVG, etc. since I'm not going online with this pc?

Hey! Still in Cnet

In reply to: Hi Bugbatter!

In case you didn't see I enabled the DEP again and got the COM SURROGATE errors back and no desktop (only wallpaper). Did Ctrl+Alt+del, it brought up the task manager. So I did New Task sfc /scannow and it did its thing but never asked me to insert the os disk. When it looked like it was done (but nothing was reported) I rebooted and HELLO the desktop loaded! So did it fix a windows file w/o the disk?

I'll continue over on the Dell virus forum for the rest of my problems. See you there!

SFC

In reply to: Hey! Still in Cnet

It's possible that the System File Checker (SFC) was able to replace the file(s) that were affected by the virus/malware on the laptop. The SFC uses 2 different sources: (1) the system files cache folder (%Systemroot%\System32\Dllcache) and (2) the Windows installation source files (from the CD). However, I'm still a little surprised that it didn't ask for the CD at any point. I ran the SFC on my XP system and it asked for the CD about 10 times. (SFC information - http://support.microsoft.com/kb/310747)

If you've already run the AV/Anti-malware programs and things seem well, it would still be a good idea to post on the DCF as Bugbatter suggested (http://en.community.dell.com/forums/3521.aspx) just to make sure there isn't something lurking.

As far as the DEP fix that you used, it's always a good idea to get the info from the source if it's available. The source in this case would have been Microsoft (DEP information - http://support.microsoft.com/kb/875352).

Re-Enabled the DEP

In reply to: DEP

and rebooted. Still get the COM SURROGATE error and no desktop.

William FYI Please check out my new posts

In reply to: DEP

Please read my latest posts. I seemed to have fixed the DEP COM Surrogate error w/ sfc /scannow. I re-enabled the DEP. I've turned on my wireless and am updating my virus programs.

SUPERAntiSpyware...

In reply to: Userinit.exe infected
