Comments on hpHosts Blog: ClamWin serious F/P again
Feed author: MysteryFCM
Feed updated: 2023-09-17T04:13:36.781-07:00

Unknown (2009-07-29T12:08:51.722-07:00):
I have found several of my clients' machines unable to boot (logon/logoff loop) with the userinit.exe having been moved to the clamwin quarantine folder. Additionally, however, I also have to edit the registry to remove an extraneous comma (",") at the end of the userinit path as listed in HKLM\SOFTWARE\Microsoft\Windows NT\CUrrentVersion\Winlogon\Userinit. I use the Trinity Rescue

Bernie Wojcik (2009-07-20T19:12:04.563-07:00):
We use CSA (with Clam embedded) and about a dozen machines came up with the problem, and a handful of them had a variety of other spyware/malware but nothing consistent other than the userinit.exe: Trojan.Agent. In a few cases replacing userinit worked after disabling system restore, and in other cases uninstalling and reinstalling (with AV disabled) was the only option.

Anonymous (2009-07-19T20:45:57.314-07:00):
Same experience here. Since ClamWin does seem to have a habit of doing this, I submit the contents of ClamWin's quarantine folder to http://www.virustotal.com before deleting anything.
If virustotal shows that only ClamWin detects a virus I just assume it's a false positive.

Zorsix Electro (2009-07-18T22:03:50.168-07:00):
Eeps, you may have just saved me a lot of time, unless I am infected. I got up this morning and noticed I had this virus on both my XP machines after running clamwin on them both.

C:\WINDOWS\ServicePackFiles\i386\userinit.exe: Trojan.Agent-119428 FOUND

C:\WINDOWS\system32\userinit.exe: Trojan.Agent-119428 FOUND

Found the same errors on both machines. Do you know

Anonymous (2009-07-17T07:29:48.061-07:00):
Brilliant! I was just puzzling over that this morning. Thanks for the verification.