pinit virus?

Discussion in 'ESET NOD32 Antivirus v4 Beta Forum' started by wingfan1991, Dec 7, 2008.

Thread Status:
Not open for further replies.
  1. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Yesterday PC automatically rebooted. Upon reboot I keep getting a pop-up for C:\Windows\system32\user.dll.tmp infected with Win32/Pinit virus.

    It keeps saying error cleaning, and constantly keeps popping up. I have put it in exclusions for Real Time scanning/protection to avoid the pop-ups for now. Is this legit? Can't find any info on it at all.

    Thanks in advance!
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Pinit is known to infect the system file user32.dll. Try booting from clean media (e.g. from a rescue CD created by SysRescue) and then clean files on the disk.
     
  3. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    I tried creating a SysRescue disk, says I need to locate AIK, which I don't have. If I go to the link, it's a 1.3GB download ISO. Should I download it? And this stores on my hard drive? How exactly do I use this?
     
  4. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    Install AIK and then run SysRescue.
    SysRescue will automatically find it and then create a boot disk.
     
  5. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    K, thanks. What is AIK? Should I be worried that I'm going to lose any data before doing any of this? Or is it safe?
     
  6. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Installed AIK, created boot disk from SysRescue, booted off that CD. Scanned C:\Windows custom scan in-depth and it didn't find any threats. If I expand the custom scan to C:\Windows\system32 it doesn't even look like it scans for user32, as it's not listed in the tree at all. Any ideas? Something I did wrong, or should this be considered a false positive? Also note that I have set the exclusions for real-time scanning user32.dll.tmp and user32.dll. Is this fine? Do I have to format PC?
     
  7. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Any ideas guys if this is a false positive? Seems like the page views on this thread quadrupled since yesterday. Possible that others are having same issues with NOD32?
     
  8. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Removed the exclusions of usr32.dll and user32.tmp.dll and did a full scan on system. Now no virus detected on system :)

    I take it through an update this was corrected as false positive? I'm getting no alerts from real-time that I have this Pinit virus any longer either.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    We haven't reported an FP on user32.dll. If it was detected, it must have been patched by a trojan. Maybe it was cleaned when detected the first time?
     
  10. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Checked the quarantined items and it does show

    7/12/2008 10:55AM C:\Windows\System32\USER32.DLL.TMP win32/pinit virus

    Then if I check the log files, detected threats shows action cleaned - quarantined.

    Am I to assume that it's fixed/cleaned/safe? Don't have to format or anything drastic?
     