IEUDINIT.EXE = trojan horse?

Hiya,
BOClean has warned me that it stopped a malware:

Location of startup:STUB
C:\WINDOWS\SYSTEM32\IEUDINIT.EXE
This trojan horse program was found…

Is this an fp or a real threat? I don’t want to delete anything before I’m sure. Google didn’t really help.
Any suggestions are more than welcome.
Cheers,
grampa.

Edit:
The same trojan horse warning just came in for
C:\Windows\inf\unregmp2.exe
C:\Windows\System32\IE4UINIT.exe
C:\Windows\System32\SHMGRATE.exe
C:\Windows\System32\REGSVR.exe

I just ran a scan with Jotti and Virustotal. No threat detected. I’ll try AntiVir and Ad-aware in a minute.

Hi Grampa,

I find the easiest way to check is to Google these.

IEUDINIT and unregmp2 appear to be Windows files.
Of course some nasties load themselves into the Windows files and change them, so you can never be 100% sure they are safe.

When you Google these you’ll find that some AV companies always brand them as dangerous in the hope you will visit their site and pay for a special file to delete or clean it. This is a well-known scam! BEWARE!

It could be that you have made some changes to your computer settings (as the MS site suggests for the first one) and BOClean has simply picked up on this.

Any other suggestions chaps?

Mike.

Just checked the last two:
SHMGRATE.exe
REGSVR.exe

Both are genuine Windows files, but worms are known to infect them if you downloaded a virus.

Have you done any scans with your Anti-virus and Anti-spyware programs?
If they are clear, they could all be false positives.

Mike.

I saw where someone else (named “kiwi”) had the same BOC alerts… I don’t know what caused them…

I would upload the “IE4UINIT.exe” file to “virustotal” for scanning…

Here is the link for “virustotal”:

It is good that you didn’t let BOC remove the files without first confirming that they were malware…

Hiya,
thanks for all the input. As I’ve written before, Virustotal and Jotti didn’t find anything. I still owe you the results of AntiVir and Ad-Aware: nothing. I shut down the computer about two and a half hours ago and have just rebooted. No alerts so far. I haven’t really made any changes to my system. Beats me! Admittedly, I downloaded and installed “Returnil”, but BOClean didn’t show any alerts until a day later, and then not directly after I booted but a little later.
As I said, no alerts this time. So I guess it’s an fp. But I cannot grasp what happened. Just for knowledge’s and assurance’s sake, please don’t stop posting your ideas, suggestions, similar experiences…
Thanks in advance,
grampa.
(R)

I had the same thing pop up on me this morning. I didn’t remove the file and came here to see if anyone else had the same problem. I scanned my computer with several programs and all’s well. Guess it’s probably a false positive. My computer was just sitting idle and when I came back the Trojan warning was on my screen.

Cheers squid13,
you reassured me even more that it’s an fp. That makes two with the same alerts. Let’s wait and see how many more join in.
Cheerio,
grampa.

grampa, maybe you can zip copies of the files that were flagged and submit them to comodo as possible false-positives…

For info on submitting files to Comodo, look in the FAQs at the top of the forum…

Hey red (:WAV)
I know where to send the files, but unfortunately I don’t know how to zip and password-protect the files as requested. I’m just one daft amateur when it comes to computers :-
Any guidance would be highly appreciated.
Once I know how to do it you can consider it done.
Cheers,
grampa.

Just got the pop-up a minute ago.


08/07/2007 14:02:51: MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\IEUDINIT.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner


08/07/2007 14:03:00: MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\INF\UNREGMP2.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner


08/07/2007 14:03:04: MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\IE4UINIT.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner


08/07/2007 14:03:05: MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\SHMGRATE.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner


08/07/2007 14:03:07: MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\REGSVR32.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner


08/07/2007 14:03:12: MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner

I said yes to deleting. Seeing as I’m ■■■■■■■ now, what can I do to fix this if it is all fp, which seems to be the case?
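As an added example (not code from anyone in this thread, and nothing BOClean or Comodo ship), here is a small Python triage script for the kind of alert log quoted above. It parses BOClean-style "MALWARE STOPPED!" blocks, pulls out the timestamp and flagged path, notes which paths sit under Windows system directories (those are the ones worth a second opinion rather than a delete), and records each file's SHA-256 where the file still exists, so the hash can be looked up at VirusTotal or attached to a false-positive report without having to upload or zip the file first. The sample log is constructed in the thread's format; the third, non-system path in it is invented for contrast, and the directory list is an assumption.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample in the thread's log format. The first two entries mirror
# the quoted alerts; the third path is invented to show a non-system hit.
SAMPLE_LOG = """\
08/07/2007 14:02:51: MALWARE STOPPED!
Trojan horse was found in a stub.
C:\\WINDOWS\\SYSTEM32\\IEUDINIT.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner

08/07/2007 14:03:00: MALWARE STOPPED!
Trojan horse was found in a stub.
C:\\WINDOWS\\INF\\UNREGMP2.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner

08/07/2007 14:03:09: MALWARE STOPPED!
Trojan horse was found in a stub.
C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\update.exe contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner
"""

ALERT_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}): MALWARE STOPPED!$")
PATH_RE = re.compile(r"^([A-Za-z]:\\.+?) contained the trojan\.$")

# Assumed list of directories whose contents are normally Microsoft-signed.
# An alert on one of these deserves a hash lookup or vendor FP report before
# anything is deleted; it does not by itself prove the file is clean.
SYSTEM_DIRS = ("C:\\WINDOWS\\SYSTEM32\\", "C:\\WINDOWS\\INF\\", "C:\\WINDOWS\\")


@dataclass
class Alert:
    timestamp: str
    path: str
    in_system_dir: bool


def parse_alerts(text):
    """Return one Alert per 'MALWARE STOPPED!' block that names a file."""
    alerts = []
    pending_ts = None
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            pending_ts = m.group(1)
            continue
        m = PATH_RE.match(line)
        if m and pending_ts is not None:
            path = m.group(1)
            in_sys = any(path.upper().startswith(d) for d in SYSTEM_DIRS)
            alerts.append(Alert(pending_ts, path, in_sys))
            pending_ts = None
    return alerts


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """SHA-256 of a file, or None if it no longer exists (e.g. already removed)."""
    try:
        with open(path, "rb") as fh:
            return sha256_bytes(fh.read())
    except (FileNotFoundError, NotADirectoryError, PermissionError):
        return None


def triage(text, hasher=sha256_file):
    """Rows for a report: which files were flagged, where, and their hashes."""
    return [
        {
            "timestamp": a.timestamp,
            "path": a.path,
            "in_system_dir": a.in_system_dir,
            "sha256": hasher(a.path),
        }
        for a in parse_alerts(text)
    ]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        where = "system dir" if row["in_system_dir"] else "user/other dir"
        digest = row["sha256"] or "file missing on this host"
        print(f"{row['timestamp']}  {where:14}  {row['path']}  {digest}")
```

Run it on the real log file with `triage(open(logfile).read())`; on a machine where the files were already deleted, the hash column shows "file missing", which is itself useful when deciding whether System Restore is needed.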

Thanks a bunch ~cat~!!!
If I understand correctly there’s no need for me to do this anymore, or is there? If so, tell me and I’ll do it. Good to know the trick though if it should happen again.
Cheerio,
grampa.

Grandpa,
I’ve reported your post to the team as a possible FP on Windows System files.
To zip and password a file do this:
Right click on the file in question and choose “Send To: Compressed Folder”.
Then double click on the newly created compressed folder to open it in Windows Explorer.
In the toolbar at the top left choose “File”, “Add a Password”.
You’ll now have a password prompt box to type in “infected”.


I see a lot has happened today :-\

Grampa, I am sorry I didn’t see your question, but I am very busy at work these days. But I see ~cat~ already answered your question :slight_smile:

Greetz, Red.

Please someone help me. This is pretty serious if they really are false positives. Can I restore these files back somehow?

Korn,
System files should restore after rebooting; any other files can be restored using System Restore.
You may want to uncheck “Automatically start BOClean at bootup” in your configuration window until you know what’s going on.

Got the same FPs. Jotti’d all files and did other system scans: good to go. I have 3 boxen on the same LAN (2 XP SP2 and 1 98se). Both XP boxes alerted; the 98 box, started the next day, did not. Assume a later update fixed the problem?

No recurrence, no unusual activity, no firewall or router log flags.

I bet FP.

They are all Windows files, so they must be false positives. The strange thing is I never had BOClean flagging those files, although my main system is online almost 24/7 :-\

Greetz, Red.

I’ve not seen them flagged here either. :-\

Happened on at least one system at work this p.m., right before I left. Flagged some 4 files; can’t remember them all, but IE4UINIT.exe was one…

The really odd thing is, no log was created; rather, it was, but it was empty, so I couldn’t go back to exclude the files, as there was no record of what was tagged.

I had to roll back for the time being, and will deal with it tomorrow. Called back to let another person know they might experience it, and to not let it remove the files.

XP Pro SP2, with Windows on Auto Updates, fully updated. It’s a laptop I’m working on for our bookkeeper, and it was using my internet connection, so mine (BOC) wasn’t updating (nor Windows, for that matter).

LM

Same thing here: no log created??? What’s also a wee bit odd is that so few people seem to get these alerts (I remember an fp about 2 months ago where many, many more, i.e. seemingly everyone using BOC, were experiencing the same thing). What’s more, the alerts only came once and couldn’t be reproduced even after several reboots with no update effected.
Beats me!
However, I’d like to thank the wonderful COMODO community for once again helping out so willingly. These forums really are something special.
Chapeau to everyone who donates their precious time to help people in ‘need’. (:CLP)
Cheers,
grampa.