No replies to this topic

[thom7199]

I have a small retail business with a Point of Sale PC supported by a Windows XP server in the back room. The server appears to be infected. MWB scan / clean process says there are two files infected and that they have been quarantined. Other infected objects have been cleaned but these two persist. I have read some of the posts in these forums and wonder if the procedures involved may interfere with my business software or databases. I am open to suggestions.

Latest (Quick scan) log;

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 5.1.2600 Service Pack 2

1/11/2009 6:44:10 PM
mbam-log-2009-01-11 (18-44-10).txt

Scan type: Quick Scan
Objects scanned: 58798
Time elapsed: 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)