Should I delete userinit.exe?[False Positive]

What I have done is rolled back BOClean and set it not to update. I am not getting the alerts now, so I will leave it like this until I hear back from the BOClean team.

I just got the same warning and click no do not delete and then came here to see what was going on. Will wait to see what Comodo has to say.

This is odd, I answered yes to boclean then comodo defense+ flared up that boclean wanted to modify some dlls, so I just punched allow to everything and my computer goes on the frits, something about roxio updater.

Wished I’d taken time to look this up wink

I haven’t heard anything back yet so I’ll go ahead and flag the OP with:

False Positive on system files? (DLDR-AGENT.AQF - userinit.exe)

All having this issue please post which update you have.
There were 2 today, 2007-12-18 11:27:15 & then: 2007-12-18 13:33:48

I have this update: 2007-12-18 13:33:48

Thank you Cat :slight_smile:

I have the problem with the 2007-12-18 13:33:48 update.

Thank you again

I got that from the 2007-12-18 13:33:48 update.
I pressed ok before reading the message… I did notice the USERINIT.EXE the same moment I pressed ok…

The log looks like this.
12/18/2007 18:42:01:
Trojan horse was found in memory.
C:\ignored contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user:

I have just seen the same popup…

My last update is: 2007-12-18 13:33:48

Same thing here with one of my customers. They are getting the same error message on multiple machines.

I am rolling back the update and resetting the check for updates back to 72 hours. Hopefully, we will get a new pattern file by then.

I have 2007-12-18 13:33:48

2007-12-18 13:33:48 here too!!! And it’s causing big time problems! They need to fix this FP ASAP!!! :o

We are having the exact same thing happening on our computers today. I also think it must be a false positive.

2007-12-18 13:33:48

OUCH, getting it also… has to be a FP… but let’s GET ride of it?

Mine started with 2007-12-18 13:38:48

Right click the BOClean icon in the tray. Select Program Excluder from the menu options.

Open Windows Explorer and go to C:/Windows/System32.

Scroll down until you find the file userinit.exe.

Drag the userinit.exe to over to the Program Excluder window. Click done.

Reboot and you should not get the apparent false positive warning message.


same message for me and 2007-12-18 13:33:48 as well

Wo wo wo! i to have this suddenly come up,if it is malware i would like to know so a way can be found to get rid.Only happened today but there must be some explanation? Anyone

Regards Matty

I rebooted and got the same hit, it’s beyond a doubt a false positive.

Cheers CAT just got back from(losing)at poker and the last this i wanted was for malware to get on my system.Just read a report about a similar malware just the .AQF was differant.


OK, false positive. Next question: I also answered ‘Yes’ to BOClean, but as I said got no dialog saying that it could not delete the file USERINIT.EXE, nor did it log that said file was 86’ed. The log simply stated that the trojan was stopped, and the computer was safe. If a file was deleted, would the log state so? I am worried that some innocent .dll was deleted, and I have no way of knowing which one. My computer is acting fine, but I would hope that the log would at lest tell me what it did (or did it, and the trojan was stopped in memory only?).