Userinit.exe is a Windows system file that is responsible for loading the user profile and running the login script when a user logs on to the system. It is an essential component of the Windows operating system and should not be deleted or disabled. However, some malware programs may disguise themselves as userinit.exe and run malicious code on the infected computer. In this blog post, we will explain how to identify and remove userinit.exe malware from your PC.
What is Userinit.exe?
Userinit.exe is located in the C:\Windows\System32 folder and has a file size of about 26 KB. It is a legitimate Windows file that is executed by winlogon.exe, the process that manages user logon and logoff. Userinit.exe loads the user profile, which includes the desktop settings, registry settings, and environment variables for the current user. It also runs the login script, which may include commands to map network drives, run programs, or perform other tasks. Userinit.exe then terminates itself and transfers control to explorer.exe, the process that runs the Windows graphical user interface.
Is Userinit.exe Malware?
Userinit.exe is not malware by itself, but some malware programs may use the same name or a similar name to trick users into thinking they are harmless. For example, some malware may be named userini.exe, userinlt.exe, or userinitl.exe and be located in a different folder than C:\Windows\System32. These malicious files may run in the background and perform various harmful activities, such as stealing personal information, downloading more malware, or displaying unwanted ads.
How to identify userinit.exe malware?
One way to check if userinit.exe is malware or not is to use Task Manager. To open Task Manager, press Ctrl+Alt+Delete and select Task Manager from the menu. Then click on the Details tab and look for userinit.exe in the list of processes. If you see more than one userinit.exe process or if the process is using a lot of CPU or memory resources, it may be a sign of malware infection. You can also right-click on the process and select Open file location to see where the file is located. If it is not in C:\Windows\System32, it is likely malware.
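The Task Manager check above can also be scripted. The PowerShell below is an added example, not part of the original guide: it lists running processes whose name is userinit.exe or within two character edits of it (which covers userini.exe, userinlt.exe and userinitl.exe) and compares each image path with the System32 copy. Get-EditDistance is a helper written for this example, and the two-edit threshold is an assumption.

```powershell
# Added example, not from the original guide.
# Expected location of the genuine file, as stated in the article.
$expected = Join-Path $env:SystemRoot 'System32\userinit.exe'

function Get-EditDistance {
    # Levenshtein distance between two strings (two-row dynamic programming).
    param([string]$A, [string]$B)
    $prev = @(0..$B.Length)
    for ($i = 1; $i -le $A.Length; $i++) {
        $cur = @($i) + (@(0) * $B.Length)
        for ($j = 1; $j -le $B.Length; $j++) {
            $cost = if ($A[$i - 1] -ceq $B[$j - 1]) { 0 } else { 1 }
            $best = [Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1)
            $cur[$j] = [Math]::Min($best, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    $prev[$B.Length]
}

$findings = Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    # Threshold of 2 edits is an assumption chosen for this example.
    $distance = Get-EditDistance $_.Name.ToLowerInvariant() 'userinit.exe'
    if ($distance -gt 2) { return }      # unrelated process name, skip it

    $path = $_.ExecutablePath            # empty when the process cannot be opened
    if (-not $path) {
        $verdict = 'path unavailable, re-run elevated'
    } elseif ($distance -gt 0) {
        $verdict = 'lookalike name'
    } elseif ($path -ne $expected) {     # -ne on strings ignores case
        $verdict = 'real name, wrong folder'
    } else {
        $verdict = 'expected location'
    }

    $signature = $null
    if ($path) {
        # Status is Valid for a correctly signed file, NotSigned otherwise.
        $signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
    }

    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Name      = $_.Name
        Path      = $path
        Verdict   = $verdict
        Signature = $signature
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    # userinit.exe exits once it has started the shell, so an empty result is normal.
    'No userinit.exe or lookalike process is running.'
}
```

Because the genuine userinit.exe terminates shortly after logon, any row that stays in this list deserves a closer look, whatever its verdict.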
If you suspect that Userinit.exe is infected with malware, you can follow the below free malware removal guide to clean up your device.
Remove malware from your Windows device
The malware removal instructions below are for Windows users; however, we also have an Android Guide and a Mac Guide which should help clean up your device.
This malware removal guide may appear overwhelming due to the number of steps and numerous programs that are being used. We have only written it this way to provide clear, detailed, and easy-to-understand instructions that anyone can use to remove malware for free.
Please perform all the steps in the correct order. If you have any questions or doubts at any point, stop and ask for our assistance.
To remove the Userinit.exe Trojan and other malware from your computer, follow these steps:
- STEP 1: Uninstall malicious programs from Windows
- STEP 2: Reset browsers back to default settings
- STEP 3: Use Rkill to terminate suspicious programs
- STEP 4: Use Malwarebytes to remove Trojans and Unwanted Programs
- STEP 5: Use HitmanPro to remove Rootkits and other Malware
- STEP 6: Use AdwCleaner to remove Malicious Browser Policies and Adware
- STEP 7: Perform a final check with ESET Online Scanner
STEP 1: Uninstall malicious programs from Windows
In this first step, we will manually check if any unknown or malicious programs are installed on the computer. Sometimes adware and browser hijackers can have a usable Uninstall entry that can be used to remove them.
Windows 11 / Windows 10 / Windows 8 / Windows 7
-
Press the Windows key + I on your keyboard to open the Settings app.
First, open Windows Settings by pressing Windows+I on your keyboard. You can also right-click your Start button and select “Settings” from the list.
-
In the Settings app, click on “Apps” and then “Apps & features”.
When Settings opens, click “Apps” in the sidebar, then select “Apps & Features”.
-
Find the malicious program in the list of installed apps and uninstall it.
In Apps & Features settings, scroll down to the app list and search for unknown or suspicious programs. To make things easier, you can sort all installed programs by their installation date. To do this, click “Sort by” and select “Install date”.
Look out for any suspicious program that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program. When you find a malicious program, click the three dots button beside it and select “Uninstall” in the menu that appears.
If you have checked your computer for malicious programs and did not find any, you can proceed with the next step in this guide.
-
Follow the prompts to uninstall the program.
In the next message box, confirm the uninstall process by clicking on Uninstall, then follow the prompts to uninstall the malicious program.
Make sure to read all of the prompts carefully, because some malicious programs try to sneak things in hoping that you won’t read them closely.
-
Press the Windows key + I on your keyboard to open the Settings app.
Press the Windows key + I on your keyboard to open the Settings app. You can also open the Settings app by clicking the Start button on the taskbar, then selecting “Settings” (gear icon).
-
In the Settings app, click on “Apps”.
When the “Windows Settings” window opens, click on “Apps“. By default, it should open “Apps and Features” but if it doesn’t, select it from the list on the left.
-
Find the malicious program in the list of installed apps and uninstall it.
In Apps & Features settings, scroll down to the app list and search for unknown or suspicious programs. To make things easier, you can sort all installed programs by their installation date. To do this, click “Sort by” and select “Install date”.
Look out for any suspicious program that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program. When you find a malicious program, click on it and select “Uninstall” in the menu that appears.
If you have checked your computer for malicious programs and did not find any, you can proceed with the next step in this guide.
-
Follow the prompts to uninstall the program.
In the next message box, confirm the uninstall process by clicking on Uninstall, then follow the prompts to uninstall the malicious program.
Make sure to read all of the prompts carefully, because some malicious programs try to sneak things in hoping that you won’t read closely.
-
Go to “Programs and Features”.
Right-click on the Start button in the taskbar, then select “Programs and Features”. This will take you directly to your list of installed programs.
-
Search for the malicious program and uninstall it.
The “Programs and Features” screen will be displayed with a list of all the programs installed on your computer. Scroll through the list until you find any unknown or suspicious program, then click to highlight it, then click the “Uninstall” button.
Look out for any suspicious program that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program.
If you have checked your computer for malicious programs and did not find any, you can proceed with the next step in this guide.
-
Follow the on-screen prompts to uninstall the malicious program.
In the next message box, confirm the uninstall process by clicking on Yes, then follow the prompts to uninstall the malicious program. Make sure to read all of the prompts carefully, because some malicious programs try to sneak things in hoping that you won’t read closely.
-
Open the “Control Panel”.
Click on the “Start” button, then click on “Control Panel“.
-
Click on “Uninstall a Program”.
When the “Control Panel” appears, click on “Uninstall a Program” from the Programs category.
-
Search for malicious programs and uninstall them.
The “Programs and Features” screen will be displayed with a list of all the programs installed on your computer. Scroll through the list until you find any suspicious or unknown program, then click to highlight it, then click the “Uninstall” button.
Look out for any suspicious program that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program.
If you have checked your computer for malicious programs and did not find any, you can proceed with the next step in this guide.
-
Follow the on-screen prompts to uninstall the malicious program.
In the next message box, confirm the uninstall process by clicking on Yes, then follow the prompts to uninstall the malicious program. Make sure to read all of the prompts carefully, because some malicious programs try to sneak things in hoping that you won’t read closely.
If you are experiencing difficulty while attempting to uninstall a program, you can use Revo Uninstaller to completely remove the unwanted program from your computer.
Now that the malicious programs have been removed from your computer, we can proceed with the next step in this guide.
STEP 2: Reset browsers back to default settings
In this step, we will remove spam notifications, malicious extensions, and change to default any settings that might have been changed by malware.
Please note that this method will remove all extensions, toolbars, and other customizations but will leave your bookmarks and favorites intact. For each browser that you have installed on your computer, please click on the browsers tab below and follow the displayed steps to reset that browser.
Chrome / Firefox / Microsoft Edge / Internet Explorer
Reset Chrome for Windows to default settings
We will now reset your Chrome browser settings to their original defaults. This will reset your startup page, new tab page, search engine, and pinned tabs. It will also disable all extensions and clear temporary data like cookies. Your favorites, history, and saved passwords will not be cleared.
-
Click the three dots in the top-right corner and then click on “Settings”.
Open Chrome and click on the menu button (represented by three vertical dots) in the top right corner of the window. In the dropdown menu that opens, click “Settings“.
-
Click “Advanced”.
Chrome’s “Settings” should now be displayed in a new tab or window, depending on your configuration. In the left sidebar, click on the “Advanced” link.
-
Click “Reset and clean up”.
In the left sidebar, under the “Advanced” section, click on “Reset and clean up“.
-
Click “Reset settings to their original defaults”.
In the main window, the “Reset and clean up” section is visible, as shown in the screenshot below. Click on “Reset settings to their original defaults“.
-
Click “Reset settings”.
A confirmation dialog will now be displayed, detailing the components that will be restored to their default state should you continue with the reset process. To complete the restoration process, click on the “Reset settings” button.
-
(Optional) Reset Chrome Data Sync.
In case a malicious extension reinstalls itself even after performing a browser reset, you have an additional option to reset the data sync for your browser. To do this, navigate to chrome.google.com/sync and click on the Clear Data button.
Reset Firefox for Windows to default settings
We will now reset your Firefox browser settings to their default. The reset feature fixes many issues by restoring Firefox to its factory default state while saving your essential information like bookmarks, passwords, web form auto-fill information, browsing history, and open tabs.
-
Click the three horizontal lines in the top-right corner and then click on “Help”.
Click on Firefox’s main menu button, represented by three horizontal lines. When the drop-down menu appears, select the option labeled “Help“.
-
Click “More troubleshooting information”.
From the Help menu, click on “More troubleshooting information“.
-
Click on “Refresh Firefox”
When the “Troubleshooting Information” page opens, click on the “Refresh Firefox” button.
-
Confirm that you want to reset your browser settings.
To finish the reset process, click on the “Refresh Firefox” button in the new confirmation window that opens.
-
Click “Finish”.
Firefox will now close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on “Finish“.
Your old Firefox profile will be placed on your desktop in a folder named “Old Firefox Data“. If the reset didn’t fix your problem you can restore some of the information not saved by copying files to the new profile that was created. If you don’t need this folder any longer, you should delete it as it contains sensitive information.
Reset Microsoft Edge to default settings
We will now reset your Microsoft Edge browser settings to their default. This will reset your startup page, new tab page, search engine, and pinned tabs. It will also disable all extensions and clear temporary data like cookies. Your favorites, history, and saved passwords will not be cleared.
-
Click the three dots in the top-right corner and then click on “Settings”.
In the top right corner, click on Microsoft Edge’s main menu button, represented by three horizontal dots. When the drop-down menu appears, click on “Settings“.
-
Click on “Reset Settings”.
On the left side of the window, click on “Reset Settings“.
-
Click on “Restore settings to their default values”.
In the main window, click on “Restore settings to their default values“.
-
Click “Reset”.
A confirmation dialog should now be displayed, detailing the components that will be restored to their default state should you continue with the reset process. To complete the restoration process, click on the “Reset” button.
Microsoft Edge will now erase all your personal data, browsing history, and disable all installed extensions. Your bookmarks, though, will remain intact and still be accessible.
Reset Internet Explorer to default settings
We will now reset your Internet Explorer browser settings to their default. You can reset Internet Explorer settings to return them to the state they were in when Internet Explorer was first installed on your computer.
-
Go to “Internet Options”.
Open Internet Explorer, click on the gear icon in the upper-right part of your browser, then select “Internet Options“.
-
Select the “Advanced” tab, then click “Reset”
In the “Internet Options” dialog box, select the “Advanced” tab, then click on the “Reset” button.
-
Click on “Reset”.
In the “Reset Internet Explorer settings” section, select the “Delete personal settings” checkbox, then click on the “Reset” button.
-
Click on “Close”.
When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box.
Close your browser and then you can open Internet Explorer again.
STEP 3: Use Rkill to terminate suspicious programs
In this third step, we will download and run Rkill to terminate suspicious programs that may be running on your computer.
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs, it kills malware processes, then removes incorrect executable associations and fixes policies that stop us from using certain tools.
-
Download Rkill.
You can download RKill to your computer from the below link. When at the download page, click on the Download Now button labeled iExplore.exe. We are downloading a renamed version of Rkill (iExplore.exe) because some malware will not allow processes to run unless they have a certain filename.
-
Run RKill.
After downloading, double-click the iExplore.exe icon to kill malicious processes. In most cases, downloaded files are saved to the Downloads folder.
The program may take some time to search for and end various malware programs. When it is finished, the black window will close automatically and a log file will open. Do not restart your computer. Proceed to the next step in this guide.
STEP 4: Use Malwarebytes to remove Trojans and Unwanted Programs
In this next step, we will install Malwarebytes to scan and remove any infections, adware, or potentially unwanted programs that may be present on your computer.
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
-
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
-
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
-
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
-
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
-
Malwarebytes will now begin the installation process on your device.
-
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
-
On the final screen, simply click on the Open Malwarebytes option to start the program.
-
-
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
-
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
-
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
-
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
-
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
STEP 5: Use HitmanPro to remove Rootkits and other Malware
In this fifth step, while the computer is in normal mode, we will download and run a scan with HitmanPro to remove Trojans, rootkits, and other malicious programs.
HitmanPro is a second-opinion scanner that takes a unique cloud-based approach to malware scanning. HitmanPro scans the behavior of active files and also files in locations where malware normally resides for suspicious activity. If it finds a suspicious file that’s not already known, HitmanPro sends it to its cloud to be scanned by two of the best antivirus engines today, which are Bitdefender and Kaspersky.
Although HitmanPro is shareware and costs $24.95 for 1 year on 1 PC, there is no limit on scanning. The limitation only kicks in when there is a need to remove or quarantine malware detected by HitmanPro on your system, and by then you can activate the one-time 30-day trial to enable the cleanup.
-
Download HitmanPro.
You can download HitmanPro by clicking the link below.
-
Install HitmanPro.
When HitmanPro has finished downloading, double-click on “hitmanpro.exe” (for 32-bit versions of Windows) or “hitmanpro_x64.exe” (for 64-bit versions of Windows) to install this program on your computer. In most cases, downloaded files are saved to the Downloads folder.
You may be presented with a User Account Control pop-up asking if you want to allow HitmanPro to make changes to your device. If this happens, you should click “Yes” to continue with the installation.
-
Follow the on-screen prompts.
When HitmanPro starts you will be presented with the start screen as shown below. Click on the “Next” button to perform a system scan.
-
Wait for the HitmanPro scan to complete.
HitmanPro will now begin to scan your computer for malicious programs.
-
Click on “Next”.
When HitmanPro has finished the scan, it will display a list of all the malware that it has found. Click on the “Next” button to have HitmanPro remove the detected items.
-
Click on “Activate free license”.
HitmanPro may now require you to activate the free 30-day trial to remove the malicious files. To do this, click on the “Activate free license” button to begin the free 30-day trial and remove all the malicious files from your computer.
When the malware removal process is complete, it will display a screen that shows the status of the various programs that were removed. At this screen, you should click on the Next button and then if prompted you should click on the Reboot button. If HitmanPro does not prompt you to reboot, please just click on the Close button.
STEP 6: Use AdwCleaner to remove Malicious Browser Policies and Adware
In this next step, we will use AdwCleaner to remove malicious browser policies and unwanted browser extensions from your computer.
AdwCleaner is a free popular on-demand scanner that can detect and remove malware that even the most well-known anti-virus and anti-malware applications fail to find. This on-demand scanner includes a lot of tools that can be used to fix the side effects of adware, browser hijackers and other malware.
-
Download AdwCleaner.
You can download AdwCleaner by clicking the link below.
-
Double-click on the setup file.
Double-click on the file named “adwcleaner_x.x.x.exe” to start AdwCleaner. In most cases, downloaded files are saved to the Downloads folder.
AdwCleaner program will now open and you will be presented with the program’s license agreement. After you read it, click on the I agree button if you wish to continue. If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
-
Enable “Reset Chrome policies” to remove malicious browser policies.
When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable “Reset Chrome policies“.
-
Click on the “Scan” button.
On the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan.
-
Wait for the AdwCleaner scan to finish.
AdwCleaner will now scan your computer for malware. This process can take a few minutes.
-
Click on “Quarantine” to remove malware.
When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button to remove the malicious programs from your computer.
-
Click on “Continue” to remove the malicious programs.
AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean. Click on the “Continue” button to finish the removal process.
AdwCleaner will now delete all detected malware from your computer. When the malware removal process is complete, you may be asked to restart your computer.
STEP 7: Perform a final check with ESET Online Scanner
This final step involves installing and running a scan with ESET Online Scanner to check for any additional malicious programs that may be installed on the computer.
ESET Online Scanner is a free second-opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti-virus software, firewalls, etc.).
-
Download ESET Online Scanner.
You can download ESET Online Scanner by clicking the link below.
-
Double-click on esetonlinescanner.exe to run the installer.
When ESET Online Scanner has finished downloading, double-click on “esetonlinescanner.exe” to install the program on your computer. In most cases, downloaded files are saved to the Downloads folder.
-
Install ESET Online Scanner.
When ESET Online Scanner starts you will be presented with the start screen as shown below. Select your desired language from the drop-down menu and click Get started.
In the Terms of use screen, click Accept.
Select your preference for the Customer Experience Improvement Program and the Detection feedback system and click Continue.
-
Start a Full Scan with ESET Online Scanner
Click on Full Scan to perform an in-depth inspection of the entire computer.
Select Enable for Detection of Potentially Unwanted Applications, then click Start scan.
-
Wait for the ESET Online Scanner scan to finish.
ESET Online Scanner will now begin to scan your computer for malware. This process can take quite a while, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
-
ESET Online Scanner will automatically remove the malicious files.
At the end of the scan, the Found and resolved detections screen will be displayed. You can click View detailed results to view specific information. Detected threats are automatically cleaned and quarantined.
Your computer should now be free of the Userinit.exe Trojan and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
- Run a computer scan with ESET Online Scanner
- Ask for help in our Windows Malware Removal Help & Support forum.
Userinit.exe is a legitimate Windows system file that loads the user profile and runs the login script when a user logs on to the system. It is not malware by itself, but some malware programs may disguise themselves as userinit.exe and run malicious code on the infected computer. To identify and remove userinit.exe malware, you can use Task Manager or an antivirus program to check if the file is located in C:\Windows\System32 and if it is using normal CPU or memory resources. You can also use a specialized tool like Malwarebytes or HitmanPro to scan for and remove userinit.exe malware.
Here are 10 basic security tips to help you avoid malware and protect your device:
To avoid potential dangers on the internet, it’s important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
CollectionLog-2025.01.15-04.30.zip
Hello, I have run into a problem with a duplicate of the file dwm.exe. Its peculiarity: it has exactly the same path as what appears to be the original file, and the two seem to be one and the same program. When Task Manager is opened, its CPU usage drops sharply to hundredths of a percent. The problem is not new, by the looks of it, and for convenience I will paste links to solutions of a similar problem.
I understand too little of the code described in those threads to adapt it to my own case. So please do not take it as impudence, but I am asking for help.
I checked the computer with the two recommended utilities. They did not detect the file in question (although Dr.Web did detect a certain trojan, di.exe, but it seems to have removed it itself).
Below I am attaching an additional screenshot from the System Informer utility (formerly Process Hacker 2).
#1
Meddison
Posted 09 October 2010, 00:22
Hello! Recently a problem appeared with opening the pages of antivirus vendors and some other sites. Naturally, I began to suspect viruses. An attempt to update the antivirus was unsuccessful. From descriptions on the internet I concluded that this is something called "Kido", but a fresh version of "KidoKiller" did not help. The test did not show any signs of this virus either. Then I noticed in the registry that HLM\Software\Microsoft\Windows NT\Current Version\Winlogon\Userinit now contained this: "c:\windows\system32\userinit.exe,C:\WINDOWS\system32\voiuyc.exe,C:\WINDOWS\system32\bpntzt.exe,"
And, accordingly, in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes there is also a pile of unneeded entries, which is restored immediately, just like the path in Userinit.
I downloaded "HiJackThis" (the virus was blocking it, now it has suddenly started working); AVZ flatly refused to work at all, even when I tried renaming it. After I downloaded some utility, AVZ started.
Dr.Web reports several trojans.
But I still have not found a solution to this problem.
Please help! I am a total noob at this, as they say.
I am attaching the logs.
#2
mrbelyash
Posted 09 October 2010, 00:34
Make a log with http://people.drweb.com/people/yudin/dwsysinfo.exe
---
Look for the files with GMER http://wiki.drweb.com/index.php/Скрытые_процессы
C:\WINDOWS\system32\voiuyc.exe
C:\WINDOWS\system32\bpntzt.exe
c:\documents and settings\admin\application data\drm\drm.exe - VirusTotal
#3
mrbelyash
Posted 09 October 2010, 00:38
Download and run
http://www.teamviewer.com/download/TeamViewerQS.exe
Tell me the ID and password.
I will log in to the machine and take a look (if there is nothing secret on it).
#4
Meddison
Posted 09 October 2010, 11:37
mrbelyash, I am attaching the archive to this message.
And about the second thing… How much will it cost?
#5
mrbelyash
Posted 09 October 2010, 11:44
To the virus lab:
c:\windows\system32\bpntzt.exe (it is on disk and among the processes)
c:\windows\system32\voiuyc.exe (it is on disk and among the processes)
Then run GMER and kill their processes.
---
After killing the processes, bring the registry keys to this form:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,"
And delete this one:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"usrint" Type="C:\WINDOWS\system32\ztgnir.exe"
---
Then run the attached file.
Message edited by mrbelyash: 09 October 2010, 11:48
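The registry check from post #5, as an added example that is not part of the thread: the PowerShell below splits a Winlogon Userinit value on commas and marks every entry that is not userinit.exe in System32, first on the value quoted in post #1 and then on the local machine. Test-UserinitValue is a name made up for this example, and resolving a bare file name against System32 is an assumption.

```powershell
# Added example, not part of the forum thread.
function Test-UserinitValue {
    # Splits a Userinit value into its comma-separated programs and reports,
    # for each one, whether it is the genuine userinit.exe in System32.
    param([Parameter(Mandatory)][string]$Value)

    $expected = Join-Path $env:SystemRoot 'System32\userinit.exe'
    foreach ($entry in $Value.Split(',')) {
        $entry = $entry.Trim().Trim('"')
        if (-not $entry) { continue }    # the trailing comma yields an empty item

        $full = [Environment]::ExpandEnvironmentVariables($entry)
        if (-not [IO.Path]::IsPathRooted($full)) {
            # Assumption: a bare name such as "userinit.exe" means the System32 copy.
            $full = Join-Path $env:SystemRoot "System32\$full"
        }

        [pscustomobject]@{
            Entry      = $entry
            IsUserinit = ($full -eq $expected)   # string -eq ignores case
            FileExists = (Test-Path -LiteralPath $full)
        }
    }
}

# 1. The value quoted in post #1 (assumes Windows is installed in C:\Windows).
#    The second and third entries come back with IsUserinit = False.
$sample = 'c:\windows\system32\userinit.exe,C:\WINDOWS\system32\voiuyc.exe,C:\WINDOWS\system32\bpntzt.exe,'
Test-UserinitValue -Value $sample | Format-Table -AutoSize

# 2. The value on this machine.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$live = (Get-ItemProperty -LiteralPath $key -Name Userinit).Userinit
Test-UserinitValue -Value $live | Format-Table -AutoSize

# 3. Every value under the Winlogon key that names an executable, so that an
#    unfamiliar one (like the "usrint" value in post #5) stands out.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
(Get-ItemProperty -LiteralPath $key).PSObject.Properties |
    Where-Object { $_.Name -notin $providerProps -and "$($_.Value)" -match '\.exe' } |
    Select-Object Name, Value |
    Format-Table -AutoSize -Wrap
```

Any row with IsUserinit = False in the second table means something besides userinit.exe is started at every logon. As post #1 notes, the malware may rewrite the value while its processes are still running, so repeat the check after cleanup.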
#6
Meddison
Posted 09 October 2010, 12:34
Thank you. Only could you explain how to use GMER?
Wikipedia does not open either =(
Thanks in advance!
#7
mrbelyash
Posted 09 October 2010, 12:40
> Thank you. Only could you explain how to use GMER?
> Wikipedia does not open either =(
> Thanks in advance!
After launching, click the >>>> tab, go to Processes, then right-click the process and choose Kill process
#8
Meddison
Posted 09 October 2010, 13:31
OK. Thank you very much for the explanation! Now everything is clear.
Only, before deleting them, they need to be sent. And I cannot send them, because only the Dr.Web forum opens =(
No other pages of the site open at all.
Maybe they can be sent some other way?..
#9
mrbelyash
- Members
- 25 897 posts
Беляш
Posted 09 October 2010 - 13:33
> Okay. Thank you very much for the explanation! Now everything is clear.
> Only, before deleting them, they need to be sent. And I cannot send them, because only the Dr.Web forum loads =(
> No other pages of the site load at all.
> Maybe they can be sent some other way?..
Just copy them to another location, and send them after you have terminated the processes, deleted the files, and cleaned up the static routes
----
Or send them to me in a private message.
#10
Meddison
- Posters
- 5 posts
Newbie
Posted 09 October 2010 - 14:34
mrbelyash, THANK YOU SO MUCH!
I will celebrate for a moment and then send everything =)
Have you ever stared blankly at a black screen after turning on your computer, wondering why Windows refuses to load? Or maybe you’ve experienced that agonizingly slow login process that feels like an eternity? These frustrating experiences are often linked to critical system files, and one file that plays a surprisingly significant role is userinit.exe. Many users don’t even know this file exists, yet it’s essential for a smooth and successful Windows boot. Let’s explore what userinit.exe is, how it works, and what to do when it causes problems.
Understanding userinit.exe
At its core, userinit.exe is a crucial executable file within the Windows operating system. Think of it as the welcoming committee that greets you after Windows has loaded its initial components. Its primary function is to initialize the user environment after the operating system has started up. This includes loading your user profile, setting up your desktop, and launching essential processes that allow you to interact with Windows.
- Definition: userinit.exe is a Windows system file responsible for initializing the user environment upon login.
- Function: It loads the user profile, sets up the desktop, and starts essential processes.
- Location: It’s typically found in the C:\Windows\System32 directory.
The Windows boot process is a complex sequence of events, and userinit.exe plays a vital role in the final stages. Let’s break down how it all works:
- Power-On Self-Test (POST): When you turn on your computer, the BIOS performs a hardware check.
- Bootloader: The bootloader loads the operating system kernel.
- Kernel Initialization: The kernel initializes essential system components.
- Winlogon.exe: This process handles user authentication and login.
- userinit.exe: After successful login, Winlogon.exe starts userinit.exe.
- User Profile Loading: userinit.exe loads the user profile, including settings, desktop configuration, and environment variables.
- Shell Execution: It then launches the shell (usually explorer.exe), which presents the desktop and taskbar.
- Startup Processes: Finally, it starts any programs configured to run at startup.
Analogy: Think of the boot process as building a house. The kernel is the foundation, Winlogon.exe is the security guard at the front door, and userinit.exe is the interior decorator who sets up the furniture and personal touches to make it your home.
Interaction with Other Components:
- Winlogon.exe: Winlogon.exe is responsible for the Windows login process. After you enter your credentials, Winlogon.exe authenticates you and then calls userinit.exe to set up your user environment.
- Registry: userinit.exe relies heavily on the Windows Registry to load user-specific settings. The Registry contains information about your profile, desktop configuration, and startup programs.
- explorer.exe: userinit.exe launches explorer.exe, which provides the graphical user interface (GUI) you interact with. Without explorer.exe, you would only see a blank screen.
Unfortunately, userinit.exe isn’t immune to problems. When things go wrong, it can lead to a variety of issues that negatively impact your Windows experience.
- Boot Failures: If userinit.exe is missing or corrupted, Windows may fail to boot altogether, leaving you with a black screen or an error message.
- Slow Logins: A malfunctioning userinit.exe can significantly slow down the login process, making you wait longer to access your desktop.
- Error Messages: You might encounter error messages related to userinit.exe, indicating that the file is missing, corrupted, or cannot be executed.
- System Instability: In some cases, problems with userinit.exe can lead to system instability, causing applications to crash or Windows to freeze.
Real-World Scenario: I remember helping a friend whose computer was stuck on a black screen after a Windows update. After some troubleshooting, we discovered that userinit.exe was corrupted. Replacing the file from a backup resolved the issue and got his computer running again.
These problems can result in a frustrating user experience, loss of productivity, and even data loss if not addressed promptly.
Diagnosing userinit.exe Issues
Identifying whether userinit.exe is the culprit behind your Windows problems requires some detective work. Here are some diagnostic techniques:
- Event Viewer: Check the Windows Event Viewer for error messages related to userinit.exe. This tool logs system events, including errors and warnings, which can provide clues about the cause of the problem.
- Safe Mode: Booting into Safe Mode can help determine if userinit.exe is the issue. Safe Mode loads Windows with a minimal set of drivers and services. If the system boots normally in Safe Mode, it suggests that a third-party application or driver is interfering with userinit.exe.
- System File Checker (SFC): Run the System File Checker (SFC) to scan for and repair corrupted system files, including userinit.exe. This tool can automatically replace damaged files with healthy copies from the Windows installation media.
- Registry Editor: Use the Registry Editor (regedit.exe) to check the Shell and Userinit values in the following Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Ensure that the Userinit value points to the correct path of userinit.exe (e.g., C:\Windows\System32\userinit.exe,).
Misconception: Some users mistakenly believe that userinit.exe is a virus or malware. While it’s true that malware can sometimes disguise itself as legitimate system files, userinit.exe itself is a genuine Windows component.
Fixing userinit.exe Problems
Once you’ve confirmed that userinit.exe is the source of your woes, it’s time to take action. Here’s a step-by-step guide to resolving common userinit.exe-related issues:
- System File Checker (SFC):
  - Open Command Prompt as an administrator.
  - Type sfc /scannow and press Enter.
  - Wait for the scan to complete and follow any on-screen instructions.
- Deployment Image Servicing and Management (DISM):
  - Open Command Prompt as an administrator.
  - Type DISM /Online /Cleanup-Image /RestoreHealth and press Enter.
  - This command repairs the Windows image, which can fix corrupted system files.
- Registry Modification:
  - Open Registry Editor (regedit.exe).
  - Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
  - Double-click the Userinit value and ensure it points to C:\Windows\System32\userinit.exe,.
  - Double-click the Shell value and ensure it points to explorer.exe.
  - Restart your computer.
- Replacing userinit.exe:
  - If userinit.exe is missing or severely corrupted, you may need to replace it with a clean copy from another computer or the Windows installation media.
  - Boot from a recovery drive or Windows installation media.
  - Open Command Prompt.
  - Navigate to the C:\Windows\System32 directory.
  - Rename the existing userinit.exe file (e.g., ren userinit.exe userinit.bak).
  - Copy the userinit.exe file from the recovery drive or installation media to the C:\Windows\System32 directory.
  - Restart your computer.
Important Note: Before making any changes to the Registry or replacing system files, it’s crucial to back up your system. This allows you to restore your computer to a working state if something goes wrong.
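An added example, not taken from the article or the forum thread: a PowerShell check of the Userinit and Shell values described in the registry steps above, which also reports any other Winlogon value that references an executable, such as the usrint value quoted in the forum thread. The function name and the sample hashtable are assumptions made for the illustration.

```powershell
# Added example: flag Winlogon values that launch anything other than the
# stock userinit.exe and explorer.exe at logon.
function Get-WinlogonFinding {
    param([hashtable]$Values)   # name -> data; omit to read the live registry

    if ($null -eq $Values) {
        $key = Get-Item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        $Values = @{}
        foreach ($n in $key.GetValueNames()) { $Values[$n] = $key.GetValue($n) }
    }
    $okUserinit = @('userinit.exe', (Join-Path $env:SystemRoot 'System32\userinit.exe'))
    $okShell    = @('explorer.exe', (Join-Path $env:SystemRoot 'explorer.exe'))

    foreach ($name in $Values.Keys) {
        $data = [string]$Values[$name]
        switch ($name) {
            'Userinit' {
                # Comma-separated list: every entry in it is started at logon.
                $entries = $data.Split(',') |
                    ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ }
                foreach ($e in $entries) {
                    if ($okUserinit -notcontains $e) {
                        [pscustomobject]@{ Value = $name; Data = $e
                                           Finding = 'Unexpected Userinit entry' }
                    }
                }
            }
            'Shell' {
                if ($okShell -notcontains $data.Trim()) {
                    [pscustomobject]@{ Value = $name; Data = $data
                                       Finding = 'Shell is not explorer.exe' }
                }
            }
            default {
                # Legitimate values can reference executables too, so this
                # is a prompt to review the value, not a verdict.
                if ($data -match '\.exe\b') {
                    [pscustomobject]@{ Value = $name; Data = $data
                                       Finding = 'Review: value references an executable' }
                }
            }
        }
    }
}

# Constructed sample: the extra Userinit entry is a made-up path; the usrint
# value is the one quoted in the forum thread.
$sample = @{
    Userinit = 'C:\Windows\System32\userinit.exe,C:\Windows\Temp\example.exe,'
    Shell    = 'explorer.exe'
    usrint   = 'C:\WINDOWS\system32\ztgnir.exe'
}
Get-WinlogonFinding -Values $sample | Format-Table -AutoSize
```

Calling Get-WinlogonFinding with no arguments from an elevated prompt audits the live key instead of the sample.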
Prevention and Best Practices
Prevention is always better than cure. Here are some best practices to maintain system health and prevent future issues with userinit.exe:
- Regular System Updates: Keep your Windows operating system up to date with the latest security patches and bug fixes. These updates often include improvements to system files, including userinit.exe.
- Malware Protection: Install a reputable antivirus program and keep it updated to protect your system from malware infections. Malware can corrupt or replace system files, including userinit.exe.
- Optimize Startup Programs: Reduce the number of programs that run at startup. Too many startup programs can slow down the boot process and increase the risk of conflicts with userinit.exe.
- Regular System Scans: Perform regular system scans with your antivirus program and disk cleanup utilities to remove temporary files and other unnecessary data.
- Backup Your System: Regularly back up your system to an external drive or cloud storage. This ensures that you can quickly restore your computer to a working state if something goes wrong.
Conclusion
userinit.exe is a small but mighty file that plays a critical role in the Windows boot process. By understanding its function and how it interacts with other system components, you can effectively troubleshoot and resolve boot-related issues. Remember to follow best practices to maintain system health and prevent future problems. With a little knowledge and proactive maintenance, you can keep your Windows system running smoothly and avoid the frustration of boot failures and slow logins.
We run into a few processes and applications on our computers that we know little about. For some readers, userinit.exe falls into this category.
So, we have done all the research on this executable, and in this guide, we will explore all there is to know about it.
Where is the Userinit EXE file located?
Userinit.exe is a small file, usually around 116 KB. The file has a digital signature by Microsoft, indicating that it belongs to Microsoft and is neither malware nor a virus. You may find it in the directory below:
C:\Windows\System32
What is userinit.exe?
The legitimate Windows process called userinit.exe is used to set up user profiles and launch the Windows shell. This executable is an essential component of the Windows operating system.
Upon starting the Windows operating system, userinit.exe automatically starts. This means your user profile, which contains your desktop preferences, favorite websites, and other customized data, loads.
Additionally, the Windows shell, which is the graphical user interface you use to interact with Windows, is also loaded.
Should I remove userinit.exe?
If you delete the file, you can no longer log into Windows and will get the following error message: Windows could not start because the following file is missing or corrupt: C:\Windows\System32\userinit.exe.
So, if you’re worried that userinit.exe is malware or infected with a virus, or if there are any other problems surrounding the executable, you may run a virus scan on your computer rather than delete it.
How do I know if the userinit.exe is a virus?
1. Check the location
Ensure that the location matches the directory given in the "Where is the Userinit EXE file located?" section, and that the file is around 116 KB.
If it doesn’t match these, it is most likely malware and may be removed.
2. Check the Publisher
- Press Windows + E to open File Explorer.
- Navigate to the path below, right-click on userinit, and select Properties.
C:\Windows\System32
- Lastly, click the Details tab and ensure that the Copyright field lists Microsoft Corporation. If it doesn’t, it is likely malware.
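An added example, not part of the original article: the Copyright field on the Details tab is ordinary version-resource text that any file can carry, so this PowerShell function checks the location and the Authenticode signature instead. The function name is an assumption, and the signer match on "O=Microsoft Corporation" is a heuristic layered on top of a signature that already validates.

```powershell
# Added example: verify a userinit.exe candidate by directory and signature.
# Run from 64-bit PowerShell; a 32-bit host is redirected to SysWOW64.
function Test-UserinitBinary {
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\userinit.exe'))

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $reasons = @()
    if ($item.DirectoryName -ne (Join-Path $env:SystemRoot 'System32')) {
        $reasons += 'not in System32'
    }
    if ($sig.Status -ne 'Valid') {
        # Covers unsigned files, tampered files and untrusted signers.
        $reasons += "signature status is $($sig.Status)"
    }
    if ($signer -notlike '*O=Microsoft Corporation*') {
        $reasons += 'signer is not Microsoft Corporation'
    }

    [pscustomobject]@{
        Path       = $item.FullName
        SizeKB     = [math]::Round($item.Length / 1KB, 1)
        Signature  = $sig.Status
        SignedVia  = $sig.SignatureType   # Authenticode (embedded) or Catalog
        Signer     = $signer
        SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = $reasons -join '; '
    }
}

# Check the system copy; pass -Path to examine a file found elsewhere.
Test-UserinitBinary | Format-List
```

The SHA256 value in the output can be compared against a known-good copy from the same Windows build or submitted to a scanning service without running the file.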
That is as much as there is to know about the userinit.exe file. As a reminder, a virus may often mimic some of your important system files, so we encourage you to verify before taking any actions. Also, a virus scan is always the best solution when in doubt.
Lastly, drop any questions in the comments section if you think we missed a detail. We love to hear from you and will happily update you with additional information.
Afam Onyimadu
Windows Software Expert