Should I delete userinit.exe? [False Positive]

Just tried a restart and everything is fine now with update 2007-12-19 06:19:18.

Jim

Getting the same warning as most people here are about the “trojan” DLDR-Agent…

Just got the 6.19.18 update and all is quiet.

New update Wednesday 19th fixes issue… GOOD.

What would happen if userinit.exe was deleted? The reason I ask is that a friend of mine just called me saying he can’t log in to Windows since yesterday, neither as administrator nor user. After he has typed the password to log in it just says that he has successfully logged out.
I was thinking it could be that BoClean has detected a false positive where userid and userinit have been mentioned, which sounds like they have something to do with the log in function for Windows.

I’m getting the same issue and I have an even later update: 2007-12-19 15:20:33. If this is indeed a false positive and the update fixed this issue, then why am I getting the same message about userinit.exe? Very odd. I will try rebooting.

MrSurfTurf,
As stated earlier, the deletion of system files such as userinit.exe should not cause a problem as Windows restores it on boot.

Joe Mama,
The detection of userinit.exe with the new update after rebooting would indicate you are infected.

Maybe you mean SOME system files, because someone stated early in the post that you should NEVER delete system files, which sounds logical to me. That’s the reason why people use user accounts and security software in the first place, because it’s not so easy to just restore with a reboot.
I just thought BoClean might be the culprit that my friend can’t log in to Windows, as both these issues happened the same day (a false positive in userinit.exe. I thought I saw userid mentioned here too, but maybe I was wrong) and my friend can’t log in to Windows anymore. It seems related to me.

My friend wasn’t able to log in to windows either…
It happened the next time he booted up after BoClean removed that file.
A restore fixed that.

After userinit.exe was deleted I could no longer log on to XP, so after looking for a fix, this worked for me…

First off, boot your computer from your Windows XP CD, go to recovery by pressing the R key.

  • Now you should be at C:\Windows
  • Type cd system32 and hit Enter
  • The prompt should now read ‘C:\Windows\system32’
  • Type copy userinit.exe wsaupdater.exe
  • Remove XP CD from drive
  • Type Exit and hit Enter (the computer should reboot and work properly).

If your system doesn’t have userinit.exe or wsaupdater.exe, try the following:

First off, boot your computer from your Windows XP CD, go to recovery by pressing the R key.

  • Now you should be at C:\Windows
  • Type d: then hit Enter (you should now be at the cd/dvd drive)
  • Type cd i386 and hit Enter
  • The prompt should now read ‘d:\i386’
  • Type expand userinit.ex_ c:\windows\system32 and hit Enter
  • Remove XP CD from drive
  • Type Exit and hit Enter (the computer should reboot and work properly).

Good luck!

I got the same warning about userinit.exe today but in my case it was not false. Something deleted my hosts file, turned off half the protection in Spybot and Spywareblaster, and added entries to the Trusted Sites Zone.

This also happened about three months ago and BOClean caught it then too. I did let BOClean delete userinit.exe and watched it being removed in Explorer. Windows later replaced it without rebooting.

To me the symptoms suggest that something on my computer is not being caught by the protection programs I have installed and it may be set to run every few months. Either that or I got reinfected with exactly the same malware twice and it popped up on exactly the same day everyone else is having problems.

I do not think userinit is malware but it does seem to be used by malware to do its work. I’ve run antivirus and Adaware scans and submitted userinit to a multi-scan service on the web. Nothing was found so whatever the malware is, it can hide quite well.

Bottom line is for me BOClean is at least alerting me when something bad takes control of userinit.exe and I would not want to see that protection removed from BOClean. Please don’t get too aggressive in ‘fixing’ what people think is a false positive.

Hi,

well I am a little “unhappy” with the userinit.exe thingy. If I would not have my backup software, I would not be able to post here right now!!!
This file is absolutely a !!!must have!!! file in Windows. If you delete it or you put it somewhere else on your HD you won’t be able to log on to your system anymore!

To avoid any trouble in future, I kicked that software from my HD. Sorry gents…

I am getting more and more confident that it is a false positive. I run Avast, Spybot S&D. and Asquared on my computer. Plus I did an online scan with Bit Defender, F-secure, and Trend Micro House Call. Everything came up clean. This combined with all these posts makes me think (strongly) false positive. I am rather disappointed in the results I have received using Comodo products. I could not even get CFP to initialize after installation and then CBO starts telling me that parts of CFP are infected :-\

So was it confirmed that it indeed was a FP? I agree with BillP in that I certainly do not want BOClean to simply disable an alert because we think it may have been a false alarm. Incidentally, if it was a FR, Comodo owes me a clean pair of underpants… (:LGH)

After some thought, I still don’t understand why some deleted ‘userinit.exe’ files were restored on the next boot up (like cat said they would be), and others were not (making it impossible for some to even log in). In the same way, some people got a deletion confirmation, while others did not - the log just says that the “trojan” was stopped in memory…?!?

Is there no final consensus from Comodo (I don’t know if Kevin and Nancy are still involved… I hope so) as to the FP? Was the “fix” to simply disable a certain detection, or was the detection truly erroneous?

Baskar is staff even though his avatar shows moderator.
He has given the official word that yes it was a bad update and a false positive.
It was fixed with the next update.
From another source: “it was the result of a file infector that did indeed affect that file, but the signature was taken in the wrong place.”

Thank you, Cat!

I’m still not able to get past the log-on screen on my system. Does anyone have a way around the log on screen without a Windows XP disc? I bought the system from Dell and they no longer supply discs with them. I do have an XP disc from another system at my office. It’s an older version with only service pack 1 on it. Can I use this disc following Joevane’s instructions from his post?

Hi lance567

Can you boot into safe mode? If you can, copy the file from c:\windows\system32\dllcache to c:\windows\system32.
If you cannot boot into safe mode, can you boot into a command prompt by pressing F8 when you boot up? If you can get to a command prompt, type in
“copy c:\windows\system32\dllcache\userinit.exe c:\windows\system32”, without using the quotes. This should copy the file to where it belongs.

John

Thanks John. When I boot up normally, I get the log on screen showing my account. When I boot up in safe mode, I get the log on screen with the administrator and my accounts. I’ve never tried booting up to the “safe mode with a command prompt” option. I will try this when I get home. If by chance I can’t get to a command prompt, is there any other way in? Thanks for your help.

Lance