1 reply to this topic

[kdawg150]

I've got myself a little trojan problem here. I'll run a scan and this is what I get

Malwarebytes' Anti-Malware 1.34
Database version: 1873
Windows 5.1.2600 Service Pack 3

3/19/2009 6:08:46 PM
mbam-log-2009-03-19 (18-08-46).txt

Scan type: Quick Scan
Objects scanned: 89306
Time elapsed: 1 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and then Malwarebytes' says that it removes them, but when I run another scan they're still there, plus I continue to get new virus's that I have to keep removing when I reboot. I've tried removing them in safe mode, and my virus definitions are up to date. Thanks for any help!

[GT500]

You have a very serious problem. Your computer's copy of userinit.exe has been infected with a trojan. The fact that it shows up in the log is a warning, and even though it says Malwarebytes' Anti-Malware deleted it, know that our software is actually incapable of deleting that file, as doing so would make it impossible for you to log in to your computer.

Please follow these instructions (skipping any steps you are unable to complete) for posting in our Malware Removal - HijackThis Logs forum. If you cannot follow any of those steps, then please create a new topic in that forum explaining what happened when you tried to run each of the tools in the instructions, and the expert who helps you will be able to suggest steps to take to get the tools working.