chinaboy (posted November 25, 2007)
How could I stop "c:\windows\system32\userinit.exe" from searching the internet? It will download a lot of viruses onto my computer, although I have "Deep Freeze 6.0" installed. I just need to stop it downloading the viruses. Can anyone help? (:

JustinReno (posted November 25, 2007, edited November 25, 2007 by JustinReno)

    ; Close userinit.exe whenever it appears, polling every 100 ms
    While 1
        If ProcessExists("userinit.exe") Then
            Do
                ProcessClose("userinit.exe")
            Until Not ProcessExists("userinit.exe")
        EndIf
        Sleep(100)
    WEnd

chinaboy (Author, posted November 25, 2007)
I'm sorry, but this process must start as:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Program Files\\HintSoft\\PubwinClient\\PubwinClient.exe,C:\\Program Files\\HintSoft\\PubwinClient\\csrss.exe,"

So, this is the problem. I just want to "stop" it from searching the internet, not to stop it from running.

Jos (Developers, posted November 25, 2007)
Get a good AV program.....

chinaboy (Author, posted November 25, 2007, edited December 15, 2007 by GaryFrost: removed ip)
just go ahead!!! come on baby.

Jacek (posted November 25, 2007)

    C:\\Program Files\\HintSoft\\PubwinClient\\PubwinClient.exe,C:\\Program Files\\HintSoft\\PubwinClient\\csrss.exe

These look like virus entries. Why? csrss.exe is a Windows process, but it is located in the Windows directory (never in the Program Files dir). In a normal (clean) Windows system, the only entry for Userinit is:

    C:\WINDOWS\system32\userinit.exe,

I recommend scanning for viruses from another clean system (it could be a LiveCD or BartPE CD).

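The check Jacek describes, as an added example that is not part of the original thread: it parses a .reg-format Userinit line and flags any entry other than the stock userinit.exe, marking system-binary names found outside system32. The sample line is constructed from the export quoted above; the function names, the C:\WINDOWS install path and the short list of system binary names are assumptions made for the illustration.

```python
import ntpath
import re

# Constructed sample: the Userinit line from the .reg export quoted in this thread.
SAMPLE_REG_LINE = (
    r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,'
    r'C:\\Program Files\\HintSoft\\PubwinClient\\PubwinClient.exe,'
    r'C:\\Program Files\\HintSoft\\PubwinClient\\csrss.exe,"'
)

# Assumption: Windows is installed in C:\WINDOWS, as in the thread.
SYSTEM_DIR = r"c:\windows\system32"
EXPECTED = SYSTEM_DIR + r"\userinit.exe"
# Illustrative (not exhaustive) names of binaries that belong only in system32.
SYSTEM_NAMES = {"csrss.exe", "userinit.exe", "winlogon.exe",
                "lsass.exe", "services.exe", "smss.exe"}


def parse_userinit(reg_line):
    """Return the program paths listed in a .reg-format Userinit line."""
    m = re.fullmatch(r'\s*"Userinit"="(.*)"\s*', reg_line, re.IGNORECASE)
    if not m:
        raise ValueError("not a Userinit REG_SZ line")
    value = re.sub(r"\\(.)", r"\1", m.group(1))  # undo .reg backslash escaping
    # Winlogon runs each comma-separated entry; a trailing comma is normal.
    return [p.strip() for p in value.split(",") if p.strip()]


def audit_userinit(reg_line):
    """Return (path, finding) pairs; finding is 'ok', 'extra' or 'masquerade'."""
    findings = []
    for path in parse_userinit(reg_line):
        norm = ntpath.normpath(path).lower()
        folder, name = ntpath.split(norm)
        if norm == EXPECTED:
            findings.append((path, "ok"))
        elif name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            findings.append((path, "masquerade"))  # system name, wrong folder
        else:
            findings.append((path, "extra"))  # not in a default install; review
    return findings


if __name__ == "__main__":
    for path, finding in audit_userinit(SAMPLE_REG_LINE):
        print(f"{finding:10} {path}")
```

An "extra" entry is not proof of infection (the PubwinClient entry here is the site's own account software, per the original poster), but every entry in this value runs at each logon and should be accounted for.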
GaryFrost (posted November 25, 2007, edited December 15, 2007 by GaryFrost: removed ip)
Quote: just go ahead!!! come on baby.
Sorry, your post didn't make any sense to me

chinaboy (Author, posted November 25, 2007)
Here is the internet bar. I'm the administrator. The software is the account system software. There is no problem. It is just for protecting PubwinClient.exe; if you stop it, then a few seconds later it will start again. The address I have posted is the virus IP address.

GaryFrost (posted November 25, 2007)
Go to www.microsoft.com and search for userinit.exe; you'll find out it is "The user shell is Userinit.exe (This shell will apply to users who have logged on to the computer successfully)."

Generator (posted November 25, 2007)

    _ProcessSuspend("Userinit.exe")

    ; Suspend the named process; returns 1 on success, 0 with @error = 1 if the NtSuspendProcess call fails.
    Func _ProcessSuspend($ProcessName)
        Local $Pid, $ai_Handle, $i_sucess
        $Pid = ProcessExists($ProcessName)
        If $Pid Then
            ; 0x1f0fff = PROCESS_ALL_ACCESS
            $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $Pid)
            $i_sucess = DllCall("ntdll.dll", "int", "NtSuspendProcess", "int", $ai_Handle[0])
            ; CloseHandle takes the handle value, not the DllCall result array
            DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $ai_Handle[0])
            If IsArray($i_sucess) Then
                Return 1
            Else
                SetError(1)
                Return 0
            EndIf
        EndIf
    EndFunc   ;==>_ProcessSuspend

JustinReno (posted November 25, 2007)
What does it do, Generator?

NELyon (posted November 25, 2007)
Quote: What does it do Generator?
I can't figure out what _PROCESSSUSPEND does either

JustinReno (posted November 25, 2007)
Quote: I can't figure out what _PROCESSSUSPEND does either

chinaboy (Author, posted November 25, 2007, edited November 26, 2007 by chinaboy)
It's crazy. Can you tell me how you did this? I have just made a test. It works. Thank you very much. But a little problem has happened: userinit.exe is always in the task list, and at this time I could not connect to the internet from IE6, but I could "ping" the URL address, just like "ping www.autoitscript.com", it's OK, but I could not open any page until I kill "userinit.exe" by myself. : )

Anyway, thank you very much Generator. This is my first time asking questions here; so many people help me, I'm really happy. Now I have finally found the "Edit" button here. But I have a new question: I could not open any website until I kill userinit.exe. I want to use

    #include <Process.au3> ; provides _RunDOS
    Sleep(60000)
    If ProcessExists($Pid) Then
        ProcessClose($Pid)
        _RunDOS("net send 192.168.1.100 there is a problem in here")
    EndIf

Is there any good idea? Maybe I should make an MD5 test for userinit.exe and see if it has been affected. My English is bad. I hope you can understand what I am talking about.

displayname (posted January 17, 2008)
Quote:

    _ProcessSuspend("Userinit.exe")

    Func _ProcessSuspend($ProcessName)
        Local $Pid, $ai_Handle, $i_sucess
        $Pid = ProcessExists($ProcessName)
        If $Pid Then
            $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $Pid)
            $i_sucess = DllCall("ntdll.dll", "int", "NtSuspendProcess", "int", $ai_Handle[0])
            ; CloseHandle takes the handle value, not the DllCall result array
            DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $ai_Handle[0])
            If IsArray($i_sucess) Then
                Return 1
            Else
                SetError(1)
                Return 0
            EndIf
        EndIf
    EndFunc   ;==>_ProcessSuspend

Hi, I've just arrived, and AutoIt is something I had not known existed before, and I think I'm missing a lot. Currently, I am having a similar problem to the originator of this thread, and am manually killing userinit each new boot. I tried compiling the script you gave, but it does not kill the process. What I have done is download the latest AutoIt and use it to compile the script into an exe. The script runs but does not do what it is supposed to do. Am I missing something?

It's quite amazing, this AutoIt. I used to program in Pascal/Delphi way back, but for some quick work it is rather inconvenient to start a whole new jumbo compiler just to do something as short as suspending userinit. Thanks much.