Virus Scan is Warning Me that Userinit.exe is Trying to Modify Registry Or Startup?

Mon, Nov 9, 2009

Ask The Reginator



Everything I can find on userinit.exe tells me it is a crucial windows file, but I can’t find anything telling me it should modify the registry.

I’m concerned that it may be a virus disguised, is this possible? Why would my virus scan prompt me? I’m using charter (my cable company) security suite, as my anti-virus
edit: I’m being asked to either trust it, or block it.

Related Posts

Related Websites

  • How to Remove Personal Protector | Personal Protector Removal Guide Personal Protector is a rogue antivirus program that is advertised through aggressive advertising and fake scan sites. Fake scan sites are web pages that upon loading appear to be running a virus scan or other check of your local computer. In reality these are usually simply an animation and every......
  • How to Remove Antivirus System Pro | Antivirus System Pro Removal Guide Last week I had the opportunity to remove Antivirus System Pro from not one, but two machines. Given that I was seeing it a bit more frequently I thought it might be a new rogue antivirus application, but I quickly found out that it's been out at least since June......
  • How to Remove Antivir | Antivir Removal Guide Antivir is a rogue antivirus application that is pushed through web site popup ads on unsuspecting users. Basically in web browsing you may see a popup claiming that your computer is infected and you should run a malware scan. Clicking to proceed will probably show an animation of a scan......
  • How to Remove Anti-Virus Elite | Anti-Virus Elite Removal Guide Anti-Virus Elite is a rogue antivirus application. These rogue antivirus applications pose as a legitimate security application, but in reality is a scam to try to trick you out of money. They will find and claim that there are multiple security problems with your computer. They will claim that you......
  • Comparing WordPress Hosting Wordpress has created an incredible opportunity for those who are looking to take control of their future. It has provided the entire world with a system and service that simplifies web ownership. Users can create blogs and content quickly and easily, opening up broad possibilities for the greater population. Anyone......
  • How to Negotiate with Credit Card Companies to Reduce Your Debt Today's article is a guest post by Andrew Wang... With consumers facing tough times in the wake of the financial crisis of 2008, it's a good opportunity to discuss the possibility of getting your credit card debt sorted. Most people assume credit card companies care only about the profits they......
  • How to Remove Windows Enterprise Suite | Removal Guide Windows Enterprise Suite is a rogue antivirus application that is made to look like and mimic the actions of legitimate security applications, but it is likely the cause of more problems on your system than it solves. It seems to be made by the same group as volcano security suite......
, , , , , , ,

3 Responses to “Virus Scan is Warning Me that Userinit.exe is Trying to Modify Registry Or Startup?”

  1. Sly_Old_Mole Says:

    You could have a trojan try running (free):

    http://www.download.com/SUPERAntiSpyware-Free-Edition/3000-8022_4-10523889.html

    & do a free online scan:

    http://www.bitdefender.com/scan8/ie.html

    Why would my virus scan prompt me? I’m using charter (my cable company) security suite, as my anti-virus – NO security works 100%.

    WARNING:

    Perry N link is un-safe, it a link for spyhunter list by spybot S&D as a rogue program.

  2. Denise Says:

    Hello,
    You are right that userinit.exe is a crucial windows file.
    But If you are unsure about it’s being infected by virus or not, upload it here -> http://www.virustotal.com/
    You will instantly know the results.
    This file is located at C:WINDOWSsystem32

    NOTE -> If your Anti Virus is not permitting this file to be uploaded, then you may need to disable your virus protection for few seconds to do that.

  3. Natalia G Says:

    You have Trojan Fakealert infection:

    Trojan.FakeAlert is a malicious Trojan. All Trojans install silently and Trojan.FakeAlert is no exception. But it is possible that Trojan.FakeAlert will be installed together with a Rogue Anti-Spyware software.
    Trojan.FakeAlert will hijack the desktop background with an image alerting the user that their computer system has been infected with spyware. Trojan.FakeAlert also changes some settings such as, disabling permissions for the user to change the background image and setting the active desktop to ‘show web content.

    How to remove Trojan FakeAlert and userinit.exe file:
    http://www.pcthreat.com/parasitebyid-6533en.html


Leave a Reply


PHVsPjxsaT48c3Ryb25nPndvb19hZHNfcm90YXRlPC9zdHJvbmc+IC0gdHJ1ZTwvbGk+PGxpPjxzdHJvbmc+d29vX2FkXzMwMF9hZHNlbnNlPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29fYWRfMzAwX2ltYWdlPC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tL2Fkcy93b290aGVtZXMtMzAweDI1MC0yLmdpZjwvbGk+PGxpPjxzdHJvbmc+d29vX2FkXzMwMF91cmw8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb208L2xpPjxsaT48c3Ryb25nPndvb19hZF9pbWFnZV8xPC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tL2Fkcy93b290aGVtZXMtMTI1eDEyNS0xLmdpZjwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX2ltYWdlXzI8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb20vYWRzL3dvb3RoZW1lcy0xMjV4MTI1LTIuZ2lmPC9saT48bGk+PHN0cm9uZz53b29fYWRfaW1hZ2VfMzwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbS9hZHMvd29vdGhlbWVzLTEyNXgxMjUtMy5naWY8L2xpPjxsaT48c3Ryb25nPndvb19hZF9pbWFnZV80PC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tL2Fkcy93b290aGVtZXMtMTI1eDEyNS00LmdpZjwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX2ltYWdlXzU8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb20vYWRzL3dvb3RoZW1lcy0xMjV4MTI1LTQuZ2lmPC9saT48bGk+PHN0cm9uZz53b29fYWRfaW1hZ2VfNjwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbS9hZHMvd29vdGhlbWVzLTEyNXgxMjUtNC5naWY8L2xpPjxsaT48c3Ryb25nPndvb19hZF91cmxfMTwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbTwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX3VybF8yPC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tPC9saT48bGk+PHN0cm9uZz53b29fYWRfdXJsXzM8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb208L2xpPjxsaT48c3Ryb25nPndvb19hZF91cmxfNDwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbTwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX3VybF81PC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tPC9saT48bGk+PHN0cm9uZz53b29fYWRfdXJsXzY8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb208L2xpPjxsaT48c3Ryb25nPndvb19hbHRfc3R5bGVzaGVldDwvc3Ryb25nPiAtIDgtYmxhY2tuYmx1ZS5jc3M8L2xpPjxsaT48c3Ryb25nPndvb19hc2lkZXNfY2F0ZWdvcnk8L3N0cm9uZz4gLSBTZWxlY3QgYSBjYXRlZ29yeTo8L2xpPjxsaT48c3Ryb25nPndvb19hdXRob3I8L3N0cm9uZz4gLSBmYWxzZTwvbGk+PGxpPjxzdHJvbmc+d29vX2F1dG9faW1nPC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19jb250ZW50PC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19jb250ZW50X2ZlYXQ8L3N0cm9uZz4gLSBmYWxzZTwvbGk+PGxpPjxzdHJvbmc+d29vX2N1c3RvbV9mYXZpY29uPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29fZmVhdHVyZWRfcG9zdHM8L3N0cm9uZz4gLSBTZWxlY3QgYSBudW1iZXI6PC9saT48bGk+PHN0cm9uZz53b29fZmVhdF9pbWFnZV9oZWlnaHQ8L3N0cm9uZz4gLSAxOTU8L2xpPjxsaT48c3Ryb25nPndvb19mZWF0X2ltYWdlX3dpZHRoPC9zdHJvbmc+IC0gNTQwPC9saT48bGk+PHN0cm9uZz53b29fZmVlZGJ1cm5lcl9pZDwvc3Ryb25nPiAtIDwvbGk+PGxpPjxzdHJvbmc+d29vX2ZlZWRidXJuZXJfdXJsPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29fZ29vZ2xlX2FuYWx5dGljczwvc3Ryb25nPiAtIDwvbGk+PGxpPjxzdHJvbmc+d29vX2hvbWVfb25lX2NvbDwvc3Ryb25nPiAtIGZhbHNlPC9saT48bGk+PHN0cm9uZz53b29faW1hZ2Vfc2luZ2xlPC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19sb2dvPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29fbWFudWFsPC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tL3N1cHBvcnQvdGhlbWUtZG9jdW1lbnRhdGlvbi9mcmVzaC1uZXdzLzwvbGk+PGxpPjxzdHJvbmc+d29vX3Jlc2l6ZTwvc3Ryb25nPiAtIHRydWU8L2xpPjxsaT48c3Ryb25nPndvb19zaG9ydG5hbWU8L3N0cm9uZz4gLSB3b288L2xpPjxsaT48c3Ryb25nPndvb19zaW5nbGVfaW1hZ2VfaGVpZ2h0PC9zdHJvbmc+IC0gMTAwPC9saT48bGk+PHN0cm9uZz53b29fc2luZ2xlX2ltYWdlX3dpZHRoPC9zdHJvbmc+IC0gMTAwPC9saT48bGk+PHN0cm9uZz53b29fdGFiczwvc3Ryb25nPiAtIGZhbHNlPC9saT48bGk+PHN0cm9uZz53b29fdGhlbWVuYW1lPC9zdHJvbmc+IC0gRnJlc2ggTmV3czwvbGk+PGxpPjxzdHJvbmc+d29vX3RodW1iX2ltYWdlX2hlaWdodDwvc3Ryb25nPiAtIDc1PC9saT48bGk+PHN0cm9uZz53b29fdGh1bWJfaW1hZ2Vfd2lkdGg8L3N0cm9uZz4gLSA3NTwvbGk+PGxpPjxzdHJvbmc+d29vX3ZpZGVvX2NhdGVnb3J5PC9zdHJvbmc+IC0gU2VsZWN0IGEgY2F0ZWdvcnk6PC9saT48L3VsPg==