Jump to content

How could I stop userinit.exe to download virus

chinaboy

By chinaboy
in AutoIt General Help and Support

 Share

Recommended Posts

chinaboy Seeker

chinaboy

Posted
Posted

How could I stop "c:\windows\system32\userinit.exe" to search the initernet.It will download a lot of virus in my computer.

although I have "Deep Freeze 6.0" installed.I just need to stop it download the virus.Does anyone help? (: :P

chinaboy Seeker

chinaboy

Posted
  • Author
Posted

How could I stop "c:\windows\system32\userinit.exe" to search the initernet.It will download a lot of virus in my computer.

although I have "Deep Freeze 6.0" installed.I just need to stop it download the virus.Does anyone help? (: :P

I'm sorry.But this process must start as:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Program Files\\HintSoft\\PubwinClient\\PubwinClient.exe,C:\\Program Files\\HintSoft\\PubwinClient\\csrss.exe,"

so ,this is the problem.I just want to "stop" it to search the initernet.not to stop to run it. ;)

Jacek Seeker

Jacek

Posted
Posted

C:\\Program Files\\HintSoft\\PubwinClient\\PubwinClient.exe,C:\\Program Files\\HintSoft\\PubwinClient\\csrss.exe

This looks like a virus entries. Why? csrss.exe is a windows process, but is located in Windows directory (never in program files dir).

In normal (clean) Windows system, the only one entry for Userinit is:

C:\WINDOWS\system32\userinit.exe,

I recomend to scan for viruses from another clean system (it could be a livecd or bartpe CD).

chinaboy Seeker

chinaboy

Posted
  • Author
Posted

here is the internet bar.I'm the administrator.the sofeware is the account system soft ware.there is no problem.it just for protect PubwinClient.exe,if you stop it ,then a few seconds later it will start again.

the address I have posted is the virus Ip address.

Generator Universalist

Generator

Posted
Posted 

_ProcessSuspend("Userinit.exe")
Func _ProcessSuspend($ProcessName)
    Local $Pid
    $Pid = ProcessExists($ProcessName)
    If $Pid Then
        $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $Pid)
        $i_sucess = DllCall("ntdll.dll", "int", "NtSuspendProcess", "int", $ai_Handle[0])
        DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $ai_Handle)
        If IsArray($i_sucess) Then
            Return 1
        Else
            SetError(1)
            Return 0
        EndIf
    EndIf
EndFunc   ;==>_ProcessSuspend

chinaboy Seeker

chinaboy

Posted
  • Author
Posted (edited)

;) It's crazy.Can you tell me how could you did this?I have just made a test..It works.thank you very much.but a little problem has happend,the userinit.exe is always in the tasklist and at this time i could not connect internet from IE6,but i could

"ping" the url address,just like "ping www.autoitscript.com" it's ok,but could not open any page untill i kill "userinit.exe" by myself. : ) Anyway, thank you very much Generator, :)

This is my first time ask questions in here,so many people hleps me, I'm really happy.Now I finally have found "Edit" button in here :P .But.I have a new question: I could not open any webside untill i kill userinit.exe,I want to use 

sleep(60000)
if ProcessExists($Pid) then
processclose($Pid)
_RUNDOS("net send 192.168.1.100 there is a problem in here")
Endif

is there any good idea?Maybe I should make a MD5 test for the userinit.exe and see if it had affected.

My English is bad.I Hope you could understand what am I talking about. :P

Edited by chinaboy
  • 1 month later...
displayname Seeker

displayname

Posted
Posted 

_ProcessSuspend("Userinit.exe")
Func _ProcessSuspend($ProcessName)
    Local $Pid
    $Pid = ProcessExists($ProcessName)
    If $Pid Then
        $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $Pid)
        $i_sucess = DllCall("ntdll.dll", "int", "NtSuspendProcess", "int", $ai_Handle[0])
        DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $ai_Handle)
        If IsArray($i_sucess) Then
            Return 1
        Else
            SetError(1)
            Return 0
        EndIf
    EndIf
EndFunc   ;==>_ProcessSuspend

Hi,

i've just arrived and AutoIt is something i had not known existed before, and i think i'm missing a lot.

currently, i am having a similar same problem as the originator of this thread, and am manually killing userinit each new boot.

i tried compiling the script you gave, but it does not kill the process.

what i have done is dowloaded the latest AutoIt and use it to compile the script into exe.

the script runs but does ot do what it is supposed to do.

am i missing something ?

It's quite amazing this AutoIt. i used to program in pascal/delphi way back, but for some quick work, it is rather inconvenient to start a while new jumbo compiler, just to do something as short as suspending userinit.

thanks much.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...