c:\windows\system32\userinit.exe

Discussion in 'ProcessGuard' started by mainer, Mar 19, 2005.

Thread Status:
Not open for further replies.
  1. mainer

    mainer Registered Member

    Process Guard is giving me this message on startup.

    c:\windows\system32\userinit.exe [124] was blocked from modifying c:\windows\explorer.exe.
    Could someone give me some advice about this warning?
     
  2. Peter2150

    Peter2150 Global Moderator

    Just give Userinit.exe the privilege to modify. It should already have that if Learning mode was on during installation.

    Pete
     
  3. mainer

    mainer Registered Member

    Thank you Peter for the fast reply to my question.
     
  4. schristo

    schristo Registered Member

    I have XP Home on 1 PC. When the user tried to log on, they immediately got logged off. Through searching on the web, I found a note that said I needed to rename userinit.exe to wsaupdate.exe then reboot.
    I got into Recovery Console and found that userinit.exe was userinit.vxe. Does this mean that userinit.vxe is corrupted by a virus? Can I just rename userinit.vxe to userinit.exe? Can I copy userinit.exe from XP Pro to XP Home?

    Any thoughts/suggestions are greatly appreciated!
     
  5. Pilli

    Pilli Registered Member

    Hi schristo, though your question is not really a PG support question, I will try to help. This could be a part of the W32 Bagle Worm:
    "*\WINDOWS\SYSTEM32\userinit.vxe, Description: The file *\WINDOWS\SYSTEM32\userinit.vxe is infected with the W32.Beagle.M@mm virus." This is an old worm, so maybe you have a remnant left on your system.
    KAV have an online virus testing engine: http://www.kaspersky.com/virusscanner
    Also do full AV / AT & AS tests on your system.
    Make sure that your system is fully patched.

    HTH Pilli.
     