Archive for the 'Winlogon\UserInit' Category

What is desktoplayer.exe, How to remove desktoplayer.exe

Thursday, October 21st, 2010

desktoplayer.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: desktoplayer
Filename: desktoplayer.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon | Userinit

Command: c:\program files\microsoft\desktoplayer.exe
Startup Type: HKLM->Winlogon->Userinit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe

DDS Line:

mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe

Combofix:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“Userinit”=”c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe”

Description: component of Win32.ramnit trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is Antispyware.exe, How to remove Antispyware.exe

Saturday, February 20th, 2010

Antispyware.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Antispyware.exe
Filename: Antispyware.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit

Command: C:\Program Files\Def Group\PC Defender\Antispyware.exe
Startup Type: Winlogon\UserInit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,”C:\Program Files\Def Group\PC Defender\Antispyware.exe”

Description: core component of PC Defender. PC Defender is a rogue antispyware program.

How to remove: use these PC Defender removal instructions.

What is sdra64.exe, How to remove sdra64.exe

Sunday, January 17th, 2010

sdra64.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sdra64
Filename: sdra64.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit

Command: C:\WINDOWS\system32\sdra64.exe
Startup Type: Winlogon\UserInit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

Description: core component of trojan ZBot also known as Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab], PWS:Win32/Zbot.gen!R [Microsoft], Mal/Zbot-O [Sophos], Infostealer.Banker.C [Symantec]

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is winlogon32.exe, How to remove winlogon32.exe

Thursday, January 7th, 2010

winlogon32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winlogon32
Filename: winlogon32.exe
Registry key|value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit = “C:\WINDOWS\system32\winlogon32.exe”

Command: C:\WINDOWS\system32\winlogon32.exe
Startup Type: WinLogon->UserInit
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe

Description: component of trojan FakeAlert

How to remove: use these winlogon32.exe removal instructions.