Jump to content

USERINIT.EXE - A new startup

Guest ms

By Guest ms
in Windows 2000 Workstation

 Share

Recommended Posts

Guest ms

Guest ms

Posted
Posted

I normally have a very stable W2K system.

 

This AM, I ran a utility that removes all instances of McAfee products, I

didn't ever install McAfee, but the program instantly executed and was

not able to be stopped. It apparently didn't find anything.

 

But since then, I have a alert utility, and get frequent notices that

USERINIT.EXE wants to be added to windows startup. I finally allowed it,

rebooted, everything *seems* normal, but I am concerned, as W2K has daily

cold booted fine for over 2 years w/o this startup.

 

Below is the report on the USERINIT.EXE now in my system. I don't know if

it replaced an earlier version, as I never before had occasion to look at

it. The MD5 does not agree with a web site value I found.

-----------

File: C:\WINNT\system32\USERINIT.EXE

Size: 17680 bytes

File Version: 5.00.2195.6612

Modified: Thursday, June 19, 2003, 11:05:04 AM

MD5: BF179C5B8A722CC79AEF1CA90D6C7D48

SHA1: C2FCBB92026AC10FE1EDFD52ECAE3521375C210C

CRC32: 53C3D624

-----------

 

I searched the net and find 2 opinions, it is normal and leave it alone,

(if so why a startup now)

 

or- it is a virus and remove it. (replace with what?)

 

Question

What is the correct specs for USERINIT.EXE? If it is wrong, where to

locate a good version?

 

Is it a normal startup? And if so, why now?

 

Advice?

 

ms

  • Replies 8
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Pegasus \(MVP\)

Guest Pegasus \(MVP\)

Posted
Posted

Re: USERINIT.EXE - A new startup

 

 

"ms" <ms@invalid.com> wrote in message

news:6ati4dF3854ofU1@mid.individual.net...

>I normally have a very stable W2K system.

>

> This AM, I ran a utility that removes all instances of McAfee products, I

> didn't ever install McAfee, but the program instantly executed and was

> not able to be stopped. It apparently didn't find anything.

>

> But since then, I have a alert utility, and get frequent notices that

> USERINIT.EXE wants to be added to windows startup. I finally allowed it,

> rebooted, everything *seems* normal, but I am concerned, as W2K has daily

> cold booted fine for over 2 years w/o this startup.

>

> Below is the report on the USERINIT.EXE now in my system. I don't know if

> it replaced an earlier version, as I never before had occasion to look at

> it. The MD5 does not agree with a web site value I found.

> -----------

> File: C:\WINNT\system32\USERINIT.EXE

> Size: 17680 bytes

> File Version: 5.00.2195.6612

> Modified: Thursday, June 19, 2003, 11:05:04 AM

> MD5: BF179C5B8A722CC79AEF1CA90D6C7D48

> SHA1: C2FCBB92026AC10FE1EDFD52ECAE3521375C210C

> CRC32: 53C3D624

> -----------

>

> I searched the net and find 2 opinions, it is normal and leave it alone,

> (if so why a startup now)

>

> or- it is a virus and remove it. (replace with what?)

>

> Question

> What is the correct specs for USERINIT.EXE? If it is wrong, where to

> locate a good version?

>

> Is it a normal startup? And if so, why now?

>

> Advice?

>

> ms

 

Here are the details of the original Win2000 userinit.exe:

--a-- W32i APP ENU 5.0.2159.1 shp 17,168 11-30-1999 userinit.exe

 

The file gets executed each time you log on, i.e. after you have

entered your user-ID and password.

Guest David H. Lipman

Guest David H. Lipman

Posted
Posted

Re: USERINIT.EXE - A new startup

 

From: "ms" <ms@invalid.com>

 

| I normally have a very stable W2K system.

|

| This AM, I ran a utility that removes all instances of McAfee products, I

| didn't ever install McAfee, but the program instantly executed and was

| not able to be stopped. It apparently didn't find anything.

|

| But since then, I have a alert utility, and get frequent notices that

| USERINIT.EXE wants to be added to windows startup. I finally allowed it,

| rebooted, everything *seems* normal, but I am concerned, as W2K has daily

| cold booted fine for over 2 years w/o this startup.

|

| Below is the report on the USERINIT.EXE now in my system. I don't know if

| it replaced an earlier version, as I never before had occasion to look at

| it. The MD5 does not agree with a web site value I found.

| -----------

| File: C:\WINNT\system32\USERINIT.EXE

| Size: 17680 bytes

| File Version: 5.00.2195.6612

| Modified: Thursday, June 19, 2003, 11:05:04 AM

| MD5: BF179C5B8A722CC79AEF1CA90D6C7D48

| SHA1: C2FCBB92026AC10FE1EDFD52ECAE3521375C210C

| CRC32: 53C3D624

| -----------

|

| I searched the net and find 2 opinions, it is normal and leave it alone,

| (if so why a startup now)

|

| or- it is a virus and remove it. (replace with what?)

|

| Question

| What is the correct specs for USERINIT.EXE? If it is wrong, where to

| locate a good version?

|

| Is it a normal startup? And if so, why now?

|

| Advice?

|

| ms

|

 

Unless it has been Trojanized (patched) it is legitimate.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest ms

Guest ms

Posted
Posted

Re: USERINIT.EXE - A new startup

 

ms <ms@invalid.com> wrote in news:6ati4dF3854ofU1@mid.individual.net:

> I normally have a very stable W2K system.

>

> This AM, I ran a utility that removes all instances of McAfee

> products, I didn't ever install McAfee, but the program instantly

> executed and was not able to be stopped. It apparently didn't find

> anything.

>

> But since then, I have a alert utility, and get frequent notices that

> USERINIT.EXE wants to be added to windows startup. I finally allowed

> it, rebooted, everything *seems* normal, but I am concerned, as W2K

> has daily cold booted fine for over 2 years w/o this startup.

>

> Below is the report on the USERINIT.EXE now in my system. I don't know

> if it replaced an earlier version, as I never before had occasion to

> look at it. The MD5 does not agree with a web site value I found.

> -----------

> File: C:\WINNT\system32\USERINIT.EXE

> Size: 17680 bytes

> File Version: 5.00.2195.6612

> Modified: Thursday, June 19, 2003, 11:05:04 AM

> MD5: BF179C5B8A722CC79AEF1CA90D6C7D48

> SHA1: C2FCBB92026AC10FE1EDFD52ECAE3521375C210C

> CRC32: 53C3D624

> -----------

>

> I searched the net and find 2 opinions, it is normal and leave it

> alone, (if so why a startup now)

>

> or- it is a virus and remove it. (replace with what?)

>

> Question

> What is the correct specs for USERINIT.EXE? If it is wrong, where to

> locate a good version?

>

> Is it a normal startup? And if so, why now?

>

> Advice?

>

> ms

>

>

Thanks to all.

 

I had in Winnt\NT Service Pack Uninstall folder:

userinit.exe 2195.3649 17,680 7/22/02

 

In Winnt\Service Pack\386 folder:

userinit.exe 2195.6612 17,680 6/17/03

 

Neither is exactly the one mentioned in Pegasus's post.

 

Which one is better to use in C:\WINNT\system32\ ?

 

I did not understand this in that post: --a-- W32i APP ENU, is this a

location on the CD?

 

The other question remains: if this is updated every time I log in, why

was it suddenly a startup when never before? and is that OK?

 

Thanks

 

ms

Guest Pegasus \(MVP\)

Guest Pegasus \(MVP\)

Posted
Posted

Re: USERINIT.EXE - A new startup

 

See below.

 

"ms" <ms@invalid.com> wrote in message

news:6b04o8F39ebdjU1@mid.individual.net...

> ms <ms@invalid.com> wrote in news:6ati4dF3854ofU1@mid.individual.net:

>

>> I normally have a very stable W2K system.

>>

>> This AM, I ran a utility that removes all instances of McAfee

>> products, I didn't ever install McAfee, but the program instantly

>> executed and was not able to be stopped. It apparently didn't find

>> anything.

>>

>> But since then, I have a alert utility, and get frequent notices that

>> USERINIT.EXE wants to be added to windows startup. I finally allowed

>> it, rebooted, everything *seems* normal, but I am concerned, as W2K

>> has daily cold booted fine for over 2 years w/o this startup.

>>

>> Below is the report on the USERINIT.EXE now in my system. I don't know

>> if it replaced an earlier version, as I never before had occasion to

>> look at it. The MD5 does not agree with a web site value I found.

>> -----------

>> File: C:\WINNT\system32\USERINIT.EXE

>> Size: 17680 bytes

>> File Version: 5.00.2195.6612

>> Modified: Thursday, June 19, 2003, 11:05:04 AM

>> MD5: BF179C5B8A722CC79AEF1CA90D6C7D48

>> SHA1: C2FCBB92026AC10FE1EDFD52ECAE3521375C210C

>> CRC32: 53C3D624

>> -----------

>>

>> I searched the net and find 2 opinions, it is normal and leave it

>> alone, (if so why a startup now)

>>

>> or- it is a virus and remove it. (replace with what?)

>>

>> Question

>> What is the correct specs for USERINIT.EXE? If it is wrong, where to

>> locate a good version?

>>

>> Is it a normal startup? And if so, why now?

>>

>> Advice?

>>

>> ms

>>

>>

> Thanks to all.

>

> I had in Winnt\NT Service Pack Uninstall folder:

> userinit.exe 2195.3649 17,680 7/22/02

>

> In Winnt\Service Pack\386 folder:

> userinit.exe 2195.6612 17,680 6/17/03

>

> Neither is exactly the one mentioned in Pegasus's post.

 

*** This is probably due to mine being the original CD version

*** whereas yours has been updated by service packs.

> Which one is better to use in C:\WINNT\system32\ ?

 

*** Use the one you have. It is most likely the current version.

> I did not understand this in that post: --a-- W32i APP ENU, is this a

> location on the CD?

 

*** It is what filever.exe reports. "W32i" probably means "Windows

*** 32 bits Intel", "App" I don't know and "ENU" is probably

*** "English Update".

> The other question remains: if this is updated every time I log in, why

> was it suddenly a startup when never before? and is that OK?

 

*** What makes you think it gets updated each time you log on?

*** What do you mean with "it was suddenly a startup"?

> Thanks

 

*** You're welcome.

Guest ms

Guest ms

Posted
Posted

Re: USERINIT.EXE - A new startup

 

"Pegasus \(MVP\)" <I.can@fly.com.oz> wrote in news:ur9XplNyIHA.552

@TK2MSFTNGP06.phx.gbl:

> See below.

>

> "ms" <ms@invalid.com> wrote in message

> news:6b04o8F39ebdjU1@mid.individual.net...

>> ms <ms@invalid.com> wrote in news:6ati4dF3854ofU1@mid.individual.net:

>>

>>> I normally have a very stable W2K system.

>>>

>>> This AM, I ran a utility that removes all instances of McAfee

>>> products, I didn't ever install McAfee, but the program instantly

>>> executed and was not able to be stopped. It apparently didn't find

>>> anything.

>>>

>>> But since then, I have a alert utility, and get frequent notices that

>>> USERINIT.EXE wants to be added to windows startup. I finally allowed

>>> it, rebooted, everything *seems* normal, but I am concerned, as W2K

>>> has daily cold booted fine for over 2 years w/o this startup.

>>>

>>> Below is the report on the USERINIT.EXE now in my system. I don't

know

>>> if it replaced an earlier version, as I never before had occasion to

>>> look at it. The MD5 does not agree with a web site value I found.

>>> -----------

>>> File: C:\WINNT\system32\USERINIT.EXE

>>> Size: 17680 bytes

>>> File Version: 5.00.2195.6612

>>> Modified: Thursday, June 19, 2003, 11:05:04 AM

>>> MD5: BF179C5B8A722CC79AEF1CA90D6C7D48

>>> SHA1: C2FCBB92026AC10FE1EDFD52ECAE3521375C210C

>>> CRC32: 53C3D624

>>> -----------

>>>

>>> I searched the net and find 2 opinions, it is normal and leave it

>>> alone, (if so why a startup now)

>>>

>>> or- it is a virus and remove it. (replace with what?)

>>>

>>> Question

>>> What is the correct specs for USERINIT.EXE? If it is wrong, where to

>>> locate a good version?

>>>

>>> Is it a normal startup? And if so, why now?

>>>

>>> Advice?

>>>

>>> ms

>>>

>>>

>> Thanks to all.

>>

>> I had in Winnt\NT Service Pack Uninstall folder:

>> userinit.exe 2195.3649 17,680 7/22/02

>>

>> In Winnt\Service Pack\386 folder:

>> userinit.exe 2195.6612 17,680 6/17/03

>>

>> Neither is exactly the one mentioned in Pegasus's post.

>

> *** This is probably due to mine being the original CD version

> *** whereas yours has been updated by service packs.

>

>> Which one is better to use in C:\WINNT\system32\ ?

>

> *** Use the one you have. It is most likely the current version.

>

>> I did not understand this in that post: --a-- W32i APP ENU, is this a

>> location on the CD?

>

> *** It is what filever.exe reports. "W32i" probably means "Windows

> *** 32 bits Intel", "App" I don't know and "ENU" is probably

> *** "English Update".

>

>> The other question remains: if this is updated every time I log in,

why

>> was it suddenly a startup when never before? and is that OK?

>

> *** What makes you think it gets updated each time you log on?

> *** What do you mean with "it was suddenly a startup"?

>

>> Thanks

>

> *** You're welcome.

>

>

I mis-spoke. You said:

"The file gets executed each time you log on, i.e. after you have

entered your user-ID and password."

 

In my OP:

"But since then, I have a alert utility, and get frequent notices that

USERINIT.EXE wants to be added to windows startup. I finally allowed it,

rebooted, everything *seems* normal, but I am concerned, as W2K has daily

cold booted fine for over 2 years w/o this startup. "

 

If it was not a *startup* entry for about 3 years, and is a normal file,

why now?. I notice it is a running service. (Autoruns) I don't see it in

any of my startup process utilities.

 

ms

Guest Pegasus \(MVP\)

Guest Pegasus \(MVP\)

Posted
Posted

Re: USERINIT.EXE - A new startup

 

> I mis-spoke. You said:

> "The file gets executed each time you log on, i.e. after you have

> entered your user-ID and password."

>

> In my OP:

> "But since then, I have a alert utility, and get frequent notices that

> USERINIT.EXE wants to be added to windows startup. I finally allowed it,

> rebooted, everything *seems* normal, but I am concerned, as W2K has daily

> cold booted fine for over 2 years w/o this startup. "

>

> If it was not a *startup* entry for about 3 years, and is a normal file,

> why now?. I notice it is a running service. (Autoruns) I don't see it in

> any of my startup process utilities.

>

> ms

 

Sorry, I cannot comment on your observation. I am not familiar

with your "alert" facility but I suspect that it is alerting you about

a non-existent danger.

Guest ms

Guest ms

Posted
Posted

Re: USERINIT.EXE - A new startup

 

"Pegasus \(MVP\)" <I.can@fly.com.oz> wrote in

news:OUy1hYSyIHA.5472@TK2MSFTNGP06.phx.gbl:

>

>> I mis-spoke. You said:

>> "The file gets executed each time you log on, i.e. after you have

>> entered your user-ID and password."

>>

>> In my OP:

>> "But since then, I have a alert utility, and get frequent notices

>> that USERINIT.EXE wants to be added to windows startup. I finally

>> allowed it, rebooted, everything *seems* normal, but I am concerned,

>> as W2K has daily cold booted fine for over 2 years w/o this startup.

>> "

>>

>> If it was not a *startup* entry for about 3 years, and is a normal

>> file, why now?. I notice it is a running service. (Autoruns) I don't

>> see it in any of my startup process utilities.

>>

>> ms

>

> Sorry, I cannot comment on your observation. I am not familiar

> with your "alert" facility but I suspect that it is alerting you about

> a non-existent danger.

>

>

>

At this point, user logon is normal, else is normal. My startup utilities

don't recognize anything unusual, so I guess OK.

 

BTW, my "alert" utility is WinPatrol, a fine process control application.

 

Thank you for the help in this thread. My only remaining task in W2K/SP4

is to save my data and then finally install the old rollup patch. Due to

my browsing habits, missing security patches haven't caused problems.

 

ms

  • 5 weeks later...
Guest Steph

Guest Steph

Posted
Posted

Re: USERINIT.EXE - A new startup

 

Pegasus wrote

> *** It is what filever.exe reports. "W32i" probably means "Windows

> *** 32 bits Intel", "App" I don't know and "ENU" is probably

> *** "English Update".

 

Actually, "ENU" stands for English (USA) - "ENG" would be English (GB),

and so on...

 

Cheers

 

--

Steph

 Share
Go to topic listing
×
×
  • Create New...