Hi
Yes, that one is clean! Let's use it now to replace the infected files
Download ComboFix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Please download ComboFix from one of these locations:
Link 1, Link 2, Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Do not run ComboFix yet!!
COMBOFIX-Script
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
FCopy::
c:\windows\ServicePackFiles\i386\userinit.exe | C:\WINDOWS\system32\userinit.exe
c:\windows\ServicePackFiles\i386\userinit.exe | C:\WINDOWS\system32\dllcache\userinit.exe
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If ComboFix didn't reboot your computer yet, please do it now by yourself. Then, go again to jotti and upload this file:
C:\WINDOWS\system32\userinit.exe
Post the results in your next reply.
Also, let's have a look if there are any other copies present which may be infected:
Download FileFind by Atribune and unzip it to your Desktop.
- Double click on FileFind.exe to open the programme.
- Enter userinit.exe into the File: box.
- Click on the Search button.
- After a while a list of file locations will appear in the List of Files: box.
- Click on the Export button.
This will create a Notepad file named Export.txt located in the C:\ folder, copy and paste it to your next post please.

In your next reply, please post:
1) The ComboFix log
2) The Jotti results
3) The FileFind log
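
The check the steps above perform by hand (find every copy of userinit.exe and see whether it still equals the clean ServicePackFiles copy) can also be scripted. This is an added example, not part of the original post and not how ComboFix or FileFind work; the function names are hypothetical and the directory tree in `demo()` is constructed sample data.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def find_copies(root, name="userinit.exe"):
    """Return every file under root with that name, ignoring case as Windows does."""
    return sorted(os.path.join(d, f) for d, _dirs, files in os.walk(root)
                  for f in files if f.lower() == name.lower())

def compare_to_reference(root, reference, name="userinit.exe"):
    """Map each copy found under root to 'match', 'differs' or 'unreadable'."""
    ref_hash = sha256_of(reference)
    result = {}
    for path in find_copies(root, name):
        try:
            result[path] = "match" if sha256_of(path) == ref_hash else "differs"
        except OSError:
            result[path] = "unreadable"  # locked or access denied: check it manually
    return result

def demo():
    """Build a constructed directory tree (not real Windows files) and compare it."""
    root = tempfile.mkdtemp()
    layout = {  # constructed sample contents
        ("ServicePackFiles", "i386", "userinit.exe"): b"clean-bytes",
        ("system32", "userinit.exe"): b"clean-bytes",
        ("system32", "dllcache", "USERINIT.EXE"): b"patched-bytes",
        ("system32", "notepad.exe"): b"unrelated",
    }
    for parts, data in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    reference = os.path.join(root, "ServicePackFiles", "i386", "userinit.exe")
    return root, compare_to_reference(root, reference)

if __name__ == "__main__":
    for path, status in sorted(demo()[1].items()):
        print(status.ljust(10), path)
```

A "differs" result only says the copy is not byte-identical to the reference; copies from another service pack level differ legitimately, so those are the files to submit to a scanner as the post does with Jotti.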