pinit virus?

Discussion in 'ESET NOD32 Antivirus v4 Beta Forum' started by wingfan1991, Dec 7, 2008.

Thread Status:
Not open for further replies.
  1. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Yesterday PC automatically rebooted.. Upon reboot I keep getting a pop-up for C:\Windows\system32\user.dll.tmp infected with Win32/Pinit virus.

    It keeps saying error cleaning.. and constantly keeps popping up. I have put it in exclusions for Real Time scanning/protection to avoid the pop-ups for now. Is this legit? Can't find any info on it at all.

    Thanks in advance!
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Pinit is known to infect the system file user32.dll. Try booting from clean media (e.g. from a rescue CD created by SysRescue) and then clean files on the disk.
     
  3. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    I tried creating a SysRescue disk, says I need to locate AIK, which I don't have. If I go to the link, it's a 1.3GB download ISO. Should I download it? And this stores on my hard drive? How exactly do I use this?
     
  4. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    Install AIK and then run SysRescue.
    SysRescue automatically finds it and then creates a boot disk.
     
  5. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    K thanks.. What is AIK? Should I be worried that I'm going to lose any data before doing any of this? Or is it safe?
     
  6. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Installed AIK, created boot disk from SysRescue... booted off that CD. Scanned C:\Windows custom scan in-depth and it didn't find any threats. If I expand the custom scan to C:\Windows\system32 it doesn't even look like it scans for user32, as it's not listed in the tree at all. Any ideas? Something I did wrong, or should this be considered a false positive? Also note that I have set the exclusions for real-time scanning user32.dll.tmp and user32.dll... is this fine? Do I have to format PC?
     
  7. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Any ideas guys if this is a false positive? Seems like the page views on this thread quadrupled since yesterday... possible that others are having same issues with NOD32?
     
  8. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Removed the exclusions of usr32.dll and user32.tmp.dll and did a full scan on system.. now no virus detected on system :)

    I take it through an update this was corrected as false positive? I'm getting no alerts from real-time that I have this pinit virus any longer either.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We haven't reported an FP on user32.dll. If it was detected, it must have been patched by a trojan. Maybe it was cleaned when detected the first time?
     
  10. wingfan1991

    wingfan1991 Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    10
    Checked the quarantined items and it does show

    7/12/2008 10:55AM C:\Windows\System32\USER32.DLL.TMP win32/pinit virus

    Then if I check the log files, detected threats shows action cleaned - quarantined.

    Am I to assume that it's fixed/cleaned/safe? Don't have to format or anything drastic?
     