June 18th, 2006, 05:55 PM
Originally posted here by Und3ertak3r
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ndqrmqk.exe
this one is a concern - this is akin to a kernal hijack.. [/B]
As long as the spelled version is Userinit.exe and is in the correct system folder it is harmless.This is the trojan: http://www.symantec.com/avcenter/ven...satiloler.html and if the user had kept his Norton updates current, the program would catch it.
Userinit.exe is a key process in the Windows operating system. On boot-up it manages the different start up sequences needed, such as establishing network connection and starting up the Windows shell. This program is important for the stable and secure running of your computer and should not be terminated.
Actually Spybot S & D has a run option on reboot, and if he cleans out his files and reboots, this line will disappear, after it performs the scan on startup.
correct me if i'm wrong but doesnt that entry belong to SpyBot-search and destroy. I dont think you need to remove that entry.
Automatic analysers are not "fool proof", and if the person reads the analysis wrong and removes log entries and does not have a back up of the HJT scan, because it is in a temp file, then they are fuxored.The user should visit a forum which deals specifically with HJT logs, although the automatic analyser will point out problem areas, there are sequences of events which need to be considered when cleaning a pest infected PC.
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."