Issue Dealing With A Detected Win32/Pinit

I'm a new NOD32 Business user (60 seats) and I've just found an AV issue within a few hours of installing. The problem is summarised below:

I have made multiple scan and remove attempts with NOD32 and even MalwareBytes' Anti Malware. No luck removing (and the latter won't even detect it). It appears as though NOD32 cannot deal with this file.

As this is a live production server I have limited options for taking the server down.

Could this be a false positive? Any recommendations as to next steps?

 

Most likely a FP. AVG had the same issue back in Nov.
http://www.tomshardware.com/news/avg-antivirus-virus-removal,6587.html

 

Highly unlikely. I'm affraid you won't avoid booting to safe mode and replacing the file with a clean copy. You can also try using the system tool sfc.exe to check system files for consistency.

 

I would still do my due diligence before deleting or making any changes.

 

If it is launching with the winlogon process, then the trojan should only be active when a user is logged in unless it also hooked in to processes running with system credentials. Try logging out and replacing the user32.dll file with a non-trojaned one from another machine using the administrative share \\custard\c$\ as that may get the malicious code out of memory and clear out the file locks. If it is hooked in to other processes, you could try using process explorer to view the active threads in those processes and killing off the ones that shouldn't be hooked there, but this can be risky and cause processes to crash.