Trojan Horse help needed


Roy C
12th of March 2009 (Thu), 14:58
Somehow I have picked up a Trojan horse BackDoor Agent and it is driving me nuts. I always keep AVG up to date and also use Ccleaner on a very regular basis. I also use a registry scanner/cleaner regularly.

AVG's Resident Shield is picking up the BackDoor agent in the file C:\windows\System32\userinit.exe, which is a genuine Windows file and cannot be deleted or healed. It is also turning off the Windows Firewall (which I turn back on again).

Anyone know how to get rid of this virus?

P.S. when I run a full AVG scan it does not pick anything up

In2Photos
12th of March 2009 (Thu), 15:02
Have you googled the trojan name for removal instructions?

Roy C
12th of March 2009 (Thu), 15:15
Have you googled the trojan name for removal instructions?
Yep, I have googled myself to death for a couple of days trying to find a solution but have got nowhere; the solutions either do not work or they do not make sense.

overclicker
12th of March 2009 (Thu), 16:47
Anyone know how to get rid of this virus?

P.S. when I run a full AVG scan it does not pick anything up

Well, at least you're getting what you paid for then... :)

Try the Kaspersky free online virus scanner (http://www.kaspersky.com/virusscanner) and see if that'll zap it for ya.

ocabj
12th of March 2009 (Thu), 18:16
I would reformat.

But if you are adamant about trying to clean the OS without having to reformat+reinstall, I would:

1. Download and use the ClamAV live CD to scan the host for viruses and clean it from a clean boot environment.

2. Start computer in native OS. Install all patches.

3. Rescan using the ClamAV live CD.

4. Check for Services that do not belong. Check Service dependencies. Remove/delete any services that are malicious and the respective binaries.

5. Check for spyware. It is important to get one that will scan for keyloggers.

6. Check to see if there are any created user accounts on the host that do not belong. Remove them.

7. Change passwords for all accounts on the host.
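A way to check the items in steps 4 and 6 above on a Windows host, as an added example that is not from this thread or any poster: it reads the Winlogon Userinit value (the setting that decides which binary runs at logon, and the reason a bad userinit.exe matters), verifies the Authenticode signature of userinit.exe, lists services whose binaries live outside the Windows or Program Files directories together with their dependencies, and lists local accounts. It assumes a current Windows with PowerShell 5.1 (Get-LocalUser is not available on the XP-era machine in the thread) and an elevated prompt.

```powershell
# Added triage script (not from the thread). Run from an elevated PowerShell.
# Assumption: Windows 10/11 with PowerShell 5.1 or later.

# The value Winlogon launches at logon; malware that wants to persist often
# points this at its own file instead of the genuine userinit.exe.
$expectedUserinit = "$env:SystemRoot\system32\userinit.exe,"
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($winlogon.Userinit -ne $expectedUserinit) {
    Write-Warning "Winlogon Userinit is '$($winlogon.Userinit)', expected '$expectedUserinit'"
} else {
    Write-Output "Winlogon Userinit value is the default."
}

# Is the on-disk userinit.exe still the Microsoft-signed file?
$sig = Get-AuthenticodeSignature "$env:SystemRoot\System32\userinit.exe"
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    Write-Warning "userinit.exe signature status: $($sig.Status)"
} else {
    Write-Output "userinit.exe carries a valid Microsoft signature."
}

# Step 4: services whose executables sit outside the Windows directory or
# Program Files deserve a second look, as do the services that depend on them.
Write-Output "`nServices with binaries in unusual locations:"
Get-CimInstance Win32_Service |
    Where-Object {
        $_.PathName -and
        $_.PathName -notmatch [regex]::Escape($env:SystemRoot) -and
        $_.PathName -notmatch 'Program Files'
    } |
    ForEach-Object {
        $deps = (Get-Service -Name $_.Name).ServicesDependedOn | ForEach-Object { $_.Name }
        [pscustomobject]@{
            Service   = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            Path      = $_.PathName
            DependsOn = ($deps -join ',')
        }
    } | Format-Table -AutoSize

# Step 6: every local account, so an unfamiliar or unexpectedly enabled one stands out.
Write-Output "`nLocal accounts:"
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet | Format-Table -AutoSize
```

Anything the script flags still needs a human decision; a third-party driver or backup agent legitimately installs services outside the Windows directory, so compare against what you know is installed before removing anything.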

Tsmith
12th of March 2009 (Thu), 20:04
P.S. when I run a full AVG scan it does not pick anything up

This is why I quit using AVG and moved up to ESET NOD32. Yeah, it costs, but so far it has been worth every penny of the $29.95 I paid for a two year subscription, which was a special promotion at the time.

NOD32 runs circles around AVG.

Zepher
13th of March 2009 (Fri), 00:41
This is why I quit using AVG and moved up to ESET NOD32. Yeah, it costs, but so far it has been worth every penny of the $29.95 I paid for a two year subscription, which was a special promotion at the time.

NOD32 runs circles around AVG.
It doesn't find everything though.
I have been here all day trying to get rid of a Win32/Spy.Zbot.AE
trojan on my machine. NOD32 sees it trying to do something and quarantines it but it's still on the PC.

wardie
13th of March 2009 (Fri), 00:52
I use a combination of Malwarebytes Anti-Malware and SuperAntiSpyware. Each scans differently and, if up to date, they catch a lot of the Trojans that are prevalent. You may need to run Malwarebytes in Safe Mode if it can't get rid of the virus/trojan. I usually run one then the other, then reboot and run again.

Wardie

Tsmith
13th of March 2009 (Fri), 07:50
It doesn't find everything though.
I have been here all day trying to get rid of a Win32/Spy.Zbot.AE
trojan on my machine. NOD32 sees it trying to do something and quarantines it but it's still on the PC.

Well, it's quarantined the file, so that's a plus. Have you contacted ESET support for their input on removal?

Highlight_Photography
13th of March 2009 (Fri), 07:57
Somehow I have picked up a Trojan horse BackDoor Agent and it is driving me nuts. I always keep AVG up to date and also use Ccleaner on a very regular basis. I also use a registry scanner/cleaner regularly.

AVG's Resident Shield is picking up the BackDoor agent in the file C:\windows\System32\userinit.exe, which is a genuine Windows file and cannot be deleted or healed. It is also turning off the Windows Firewall (which I turn back on again).

Anyone know how to get rid of this virus?

P.S. when I run a full AVG scan it does not pick anything up
Try Malwarebytes. Great free software

Mark1
13th of March 2009 (Fri), 09:38
I would just reformat. Viruses are now getting to be something you can't just remove (and I would run away from anyone who says they can remove any virus). The newer ones are no longer one file in one place. The writers have learned how to divide up the program into several places, and some can regenerate the missing parts that do get removed. While some can be simply removed, I would not take the chance. Just reformat. Then be better at what you do online.

LordV
13th of March 2009 (Fri), 09:44
Method of replacing userinit.exe here: http://www.f-prot.com/support/windows/fpwin_faq/106.html
Brian V.

Titus213
13th of March 2009 (Fri), 17:24
A couple of cases at the AVG free forum on this right now with no responses.

They seem fussy about following this simple rule... http://freeforum.avg.com/read.php?15,132356,backpage=,sv=

http://freeforum.avg.com/read.php?4,176118,176125#msg-176125

Roy C
14th of March 2009 (Sat), 08:37
Just an update to the situation, guys. I have installed and run Stinger, Malwarebytes and SpyDoctor, all tried in Safe Mode and with System Restore turned off. Each time it picks up the trojan(s) but fails to remove them. It is looking like a complete system reformat :(

Highlight_Photography
14th of March 2009 (Sat), 08:39
Sorry to hear. Looks like a reformat is the way to go :( Make sure you have everything important backed up!

wardie
14th of March 2009 (Sat), 08:58
If you are PC savvy, then take your drive out of this PC and install it as a slave drive in another XP PC, then copy the required file from the good drive to the virused drive. Then move the drive back to its original unit.

Matthew Patrick
14th of March 2009 (Sat), 11:18
If I were you I'd reformat, then get Acronis so you can make a disk image of a fresh install. It won't really help with your virus, but the next time you have a problem you can just restore the disk image and you will be up and running in 10 minutes. This system works best if you have a 2nd hard drive to store the disk image on.

Faolan
14th of March 2009 (Sat), 12:39
I will back up the advice about a rebuild; Trojans are notorious for being able to re-install themselves. It will give you peace of mind knowing it won't come back to haunt you.

Kaspersky is one of the best AVs around and Avast gets a lot of positive feedback as well.

Titus213
14th of March 2009 (Sat), 13:24
Interesting comments - I've used free AVG for years without an issue. It's caught any number of infection attempts and cleared them for me. It does come up with the occasional false positive but they clear pretty easily too.

I've not had this particular type of Trojan horse though.

I second the idea of Acronis - I used it on both my machines until the Mac arrived. It is fast and easy to use and comes with a try and decide function that will protect your system if you want to try a download you're not totally comfortable with - if you don't want to keep it Acronis just reverts your system to before the install.

LightningMk6
14th of March 2009 (Sat), 16:15
This article (http://techblissonline.com/how-to-fix-infected-userinitexe-and-related-errors/) might help

Bobster
14th of March 2009 (Sat), 20:09
Never liked removing them; always been a Format C: guy with trojans and virii.

Back up all critical files onto another drive, format, install a fresh OS, put AV on and then scan the backed up files.

Roy C
15th of March 2009 (Sun), 04:57
This article (http://techblissonline.com/how-to-fix-infected-userinitexe-and-related-errors/) might help
This looks to be worth a try, thanks.
It refers to 'Disable system registry before you start fixing this error'; how is this done?

-Douglas-
16th of March 2009 (Mon), 21:35
One of the best places on the net other than POTN ;)

http://www.bleepingcomputer.com/

Have a look here as well. (nice long list of computer goodies)

http://www.bleepingcomputer.com/forums/topic3616.html


And : "How do I get help? And who is helping me?" (http://www.bleepingcomputer.com/forums/topic182397.html)

ryant35
16th of March 2009 (Mon), 21:57
I had a trojan about a year ago and I also couldn't delete it because it was always running in Windows. I pulled out the hard drive and installed it in another computer as a slave drive. Since the Windows files on the infected HD didn't load, the trojan also didn't load. I navigated to the Windows System32 folder and deleted all the newest files and then ran a virus scan. Then I reinstalled the drive and reloaded with no problems.

Now I have an old laptop drive in my PC (with an adapter) as my C drive with Windows XP. Windows loads from my D drive (previously the infected PC drive). I got a trojan again, and immediately shut down the PC and rebooted with the C drive & Windows XP and deleted the infection on the D drive.