c:\windows\system32\userinit.exe

Process Guard is giving me this message on startup.

c:\windows\system32\userinit.exe [124] was blocked from modifying c:\windows\explorer.exe.
Could someone give me some advice about this warning.

 

Thank you Peter for the fast reply to my question.

 

I have xp home on 1 pc. when user tried to logon, immediately got logged off. Through searching on the web, I found a note that said I needed to rename userinit.exe to wsaupdate.exe then reboot.
I got into recovery console and found that userinit.exe was userinit.vxe. Does this mean that userinit.vxe is corrputed by a virus? Can I ust rename userinit.vxe to userinit.exe? Can I copy userinit.exe from xp pro to xp home?

Any thoughts/suggestions are greatly appreciated!

 

Hi schristo, Though your question is not really a PG support question, I will try to help. This could be a part of the W32 Bagle Worm
*\WINDOWS\SYSTEM32\userinit.vxe,Description: The file *\WINDOWS\SYSTEM32\userinit.vxe is infected with the W32.Beagle.M@mm virus." This is an old worm so maybe you have a remnant left on your system.
KAV have an on line virus testing engine: http://www.kaspersky.com/virusscanner
Also do a full AV / AT & AS tests on your system.
Make sure that your system is fully patched.

HTH Pilli.