pinit virus?

yesterday PC automatically rebooted.. upon reboot I keep getting pop up for C:\Windows\system32\user.dll.tmp infected with Win32/Pinit virus.

it keeps saying error cleaning.. and constantly keeps popping up. I have put it in exclusions for Real Time scanning/protection to avoid the pop ups for now. is this legit? cant find any info on it at all.

thanks in advance!

 

Pinit is known to infect the system file user32.dll. Try booting from a clean media (e.g. from a rescue cd created by SysRescue) and then clean files on the disk.

 

i tried creating a SysRescure disk, says I need to locate AIK, which I dont have. if i go to the link, its a 1.3GB download ISO. should I download it? and this stores on my hardrive? how exactly do i use this?

 

install AIK and then run Sysrescue
Sysrescue automatically fine it and then create a boot disk

 

\

k thanks.. what is AIK? should I be worried that Im going to lose any data before doing any of this? or is it safe?

 

installed AIK , created boot disk from Sysrescure... booted off that CD. scanned C:\Windows custom scan in-depth and it didnt find any threats. if i expand the custom scan to C:\Windows\system32 it doesnt even look like it scans for user32, as its not listed in the tree at all. any ideas? something I did wrong, or should this be considered a false positive? also note that I have set the exclusions for real-time scanning user32.dll.tmp and user32.dll... is this fine? do i have to format PC?

 

any ideas guys if this is a false positive? seems like the page views on this thread quadrupoled since yesterday... possible that others are having same issues with nod32?

 

removed the exclusions of usr32.dll and user32.tmp.dll and did a full scan on system.. now no virus detected on system

i take it through an update this was corrected as false positive? im getting no alerts from real-time that i have this pinit virus any longer either.

 

We haven't reported an FP on user32.dll. If it was detected, it must have been patched by a trojan. Maybe it was cleaned when detected the first time?

 

checked the quarantined items and it does show

7/12/2008 10:55AM C:\Windows\System32\USER32.DLL.TMP win32/pinit virus

then if i check the log files, detected threats shows action cleaned - quarantined.

am i to assume that its fixed/cleaned/safe? dont have to format or anything drastic?