Thread: 2 trojans reappear
View Single Post
Join Date: May 2005
Posts: 3,204
Reputation: gerbil will become famous soon enough gerbil will become famous soon enough 
Solved Threads: 188
gerbil gerbil is offline Offline
Nearly a Senior Poster

Re: 2 trojans reappear

 
0
  #8
Dec 4th, 2008
Yep. Here in the last line of this block is the correct entry for userinit.exe:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ GEORGE-6JXTPIR4
DefaultUserName REG_SZ George
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,

Unfortunately the key that your MBAM keeps finding and removing "...CurrentVersion\Winlogon\Userinit" is not there, meaning that it has not re-occurred since last removed.
Do you have a file: \Windows\system32\ntos.exe?
Deep, deep in the woods, but walking about.
Reply With Quote