Infected computer, need help understanding Hijack This log please
Comments
Well it's very bizarre, I have just done a search for userinit.exe files and it finds 2
One in
c:\windows\ServicePackFiles\i386\userinit.exe
and the other is
C:\windows\prefetch\userinit.exe-30818140.pf
There is no userinit.exe in the windows\system32 folder
It's easier to get forgiveness than to ask permission
0 -
Hmm strange - unless it has been quarantined.
Send the other two to be checked - hopefully they are clean.
0 -
OK, the one in the i386 directory is clean
It's easier to get forgiveness than to ask permission
0 -
I've never come across a PreFetch directory before (there isn't one on my laptop!!!) Google searches suggest deleting the contents! Any thoughts?
I am thinking perhaps the userinit file in the prefetch is corrupt so I should delete that and copy the one from the i386 folder to system32
It's easier to get forgiveness than to ask permission
0 -
Have you sent C:\windows\prefetch\userinit.exe-30818140.pf to virustotal - that way we will know if it is corrupt.
If the other one is clean I wonder why SDFIX did not move it????
0 -
The prefetch one has come back clean also!
It's easier to get forgiveness than to ask permission
0 -
Reluctant_spender wrote: »Have you sent C:\windows\prefetch\userinit.exe-30818140.pf to virustotal - that way we will know if it is corrupt.
if the other one is clean I wonder why SDFIX did not move it????
Well I am thinking to delete the prefetch one anyway (as I understand it will get recreated) and copy the clean file to the system32 directory.
Perhaps SDFix didn't move it because the destination file didn't exist??
And once that's done I could try SDFix again?
All purely speculative but I am beginning to lose the will to live with this one lol
It's easier to get forgiveness than to ask permission
0 -
Just out of interest - can you send the System32 one to virustotal too?
I appreciate that this appears to be some faff but I want to be sure that the file is bad before we look at moving it.
0 -
I am planning to move a file using combofix which will/should sort out the movement issue. Fingers crossed.
0 -
Reluctant_spender wrote: »just out of interest - can you send the System32 one to virustotal too.
I appreciate that this appears to be some faff but I want to be sure that the file is bad before we look at moving it.
There isn't one in the system32 directory! I think if it wasn't for the prefetch directory the machine would be in a log on / log off loop!
It's easier to get forgiveness than to ask permission
0
This discussion has been closed.