Should I delete userinit.exe?[False Positive]

Hi, I just got a alert from BOClean, stating it has stopped DLDR-AGENT.AQF. Its asking now if I want to delete the unserint.exe file from windows system32. Should I say yes?

I could not find anything about DLDR-AGENT.AQF on the net.

This is the info I found about the userinit.exe.
" userinit.exe is a key process in the Windows operating system"

Thanks in advance

I decided to go back before I got this alert and did a system restore and now BOClean is quiet.
Thanks in Advance,


You should NEVER delete important system files. I think BOClean flagged userinit.exe as a malware because some virus loaded a DLL thru userinit.exe. I’ve seen the same thing happen with explorer.exe, and it turned out to be a malicious DLL that used explorer.exe.


I had the same occurance this morning, and I also quieted the alert by system restore. However, next time I rebooted, the message popped back up again. It occured to me that BOClean had updated the DB in the interim, so I Rolled back the DB defs, and viola… no more message. It looks as if the latest DB is the culprit, possibly a flase alarm? If not, and a malicious DLL is trying to use userinit.exe, how do we track the offending dll down and eradicate it? I told BOClean to stop the trojan, but the file userinit.exe remains (and so does the popup everytime I boot with the new DB). Thanx!

UPDTATE: Using a program called “XP Process Explrer”, I find no instance of “USERINIT.EXE” loaded into memory (if there was, I could see all of the associated DLLs)…?!?

I also have this alert and noticed that BOclean had been updated earlier. Now running a full scan with AVG Free before taking further action. Will report back when scan is complete. Sounds like a possible FP though.


UPDATE: AVG Free and Spybot S & D did not find anything.

I’m making inquiries… :wink:

Well, if more than one people get this, it’s most likely a FP.

It only loads some stuff like explorer.exe, then it’s terminated, that’s why you dont’ see it.


I had the same problem, but complete scan with f-prot did not find anything. And what’s strange - the message has disappeared

I also had this problem. What does “FP” mean? I can’t find this acronym anywhere, sorry probably a newbie question.

Should we roll back BOClean’s DB or keep it up-to-date and wait for more info?

Also: If I run userinit.exe manually, I get the same warning from BOClean with the latest DB (but not with the previous DB)… I hope that means it’s a problem with BOClean and not that I’ve just launched the trojan…

What does "FP" mean?

FP = False Positive :slight_smile:


I have the same problem with BOClean. I do not know what to do. This file can’t be deleted so easily, because windows restores this file on it’s own. There’s one more thing, i have replaced userinit.exe with the original userinit.exe from the windows installation cd-rom, and BOClean showed the same warning dialog and insisted on deleting the file, but again it failed. Ihave here a screenshot of this warning, maybe it could be useful.

Also receiving this message … just to chime in.

Agree with JimB … possibly a false positive due to a faulty database update?

Hope that someone from Comodo looks into this promptly.


My alerts are back as well :frowning:

I have also just received this warning also. I think it must be a false positive but await advice from Comodo on what to do.

It happens me too. Maybe it’s because the update…

Today when I turned on my PC BOClean said have have a trojan named “DLDR-AGENT.AQF”.
It said it stopped the program which it said was in “C:\WINDOWS\SYSTEM32\USERINIT.EXE”.
Then asks to delete it which I choose yes. When I restart my PC its still there.
What do I have and how do I get rid of it? I ran my updated kaspersky anti-virus and a number of anti-spyware and anti-rootkit scans on it and found nothing.

I have the same problem guys. Scared the crap outta me. Hope its just a false positive.
Someone please message me when they find out whats going on. Thanks…

The message popup I get does not say it cannot delete the file, just that the trojan DLDR-AGENT.AQF has been detected, and it gives me the YES/NO option as to remove it or not. Even if I say ‘YES’ it does not say it failed to delet the file…? The message that is logged is

However, the file “userinit.exe” still exists in the system32 directory, so either it is not deleted, or Windows dynamically creates a new one each time (not sure which)…

I got the same error today, but only after logging off the current user and logging on under a different account. A full virus scan with Comodo AV says my system is clean.

Rebooted: Logging on directly to the second account doesn’t show the error until I switched back to the original one. this has to be a FP.

If it gets deleted, Windows will automatically copy one from %windir%\system32\dllcache.