Userini.exe removal [Virus/Worm/Trojan]

• Sophos: Mal/FakeAV-CZ
• Bitdefender: Trojan.Generic.4374174
• Panda: Bck/Bredolab.AZ
• Eset: Win32/SpamTool.Tedroo.AF 


What is userini.exe?


This is a virus that many anti-virus products have recently started detecting, and it is spreading rapidly these days. If you found the process userini.exe running on your computer, you have come to the right place. In some cases, this virus embeds itself in other processes such as explorer.exe and generates an error. To get rid of it, follow the instructions given below.

How did userini.exe virus enter my system?


It uses classic e-mail as its method of propagation from one computer to another. You receive a mail with an attractive subject and body along with an attachment. When you open or download this attachment, the userini virus gets executed. If this didn't happen, another Trojan already present on your computer might have downloaded userini.exe.

What does userini virus do?


Once executed, the worm quickly modifies the registry so that it starts on every boot. While its process is running, it pings malicious addresses from which files are downloaded and executed without the user's knowledge. The userini.exe virus also scans the complete system for email addresses and mails itself to all the addresses found. This way, it spreads its malicious code to your contacts.

Why am I getting userini.exe error?


When you, or an installed anti-virus, attempt to remove the files, the Registry modifications made by the virus are often left in place, resulting in a Windows error at every startup. Follow the instructions below to make the error disappear.

Instructions to remove virus userini.exe:


  1. Begin by restarting the system in Safe Mode. This way, most viruses don't get a chance to run. If you have trouble booting in Safe Mode, see the help posts listed at the end.
  2. The userini.exe virus makes several modifications to the Registry and adds its code to Windows processes. Let's undo all the Registry modifications made by the worm. Go to Start --> Run and type regedit to open the Registry Editor. Find the key shown below:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Look for the following entry on the right side and delete it.

    "userini"="%WINDIR%\explorer.exe:userini.exe"

    Search for and delete the same entry in the following keys:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Now navigate to the following key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    Delete the entries
    • "id"="%hex values%"
    • "remove"="%executed file%"

    Once you've done that, press Ctrl+F to open the Find box. Type userini.exe and search for the worm. If you find any key associated with this worm, open it and remove the path of the file userini.exe. Restart your system again in Safe Mode after doing this.
  3. The worm won't launch on your computer anymore. But make sure you delete all the files in your temporary folder. If you've downloaded the worm from a mail, check your downloads folder and delete it manually. 
  4. There are cases where the worm might actually delete the complete explorer.exe file and replace it with a malicious one. So if you're still getting errors, you'll need to download a new explorer.exe file.
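
A read-only check for the entries from step 2, as an added example that is not part of the original post; it deletes nothing and only reports what is still present. The `explorer.exe:userini.exe` form in the Run value is NTFS alternate data stream syntax, so the script also lists any extra streams attached to explorer.exe. It assumes Windows PowerShell 3.0 or later, and the helper name Get-AuditRegistryValue is made up for this example.

```powershell
# Added example: read-only audit of the entries listed in step 2. Nothing is deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
)
$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'

# Hypothetical helper (not a built-in cmdlet): emits every value stored under one key.
function Get-AuditRegistryValue {
    param([string]$KeyPath)
    if (-not (Test-Path -Path $KeyPath)) { return }
    $key = Get-Item -Path $KeyPath
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($name in $key.GetValueNames()) {
        # Keep %WINDIR% unexpanded so the data can be compared with the text in step 2
        $data = $key.GetValue($name, $null, $raw)
        if ($data -is [byte[]]) { $data = [BitConverter]::ToString($data) }
        [pscustomobject]@{ Key = $KeyPath; Name = $name; Data = [string]$data }
    }
}

$findings = @(
    # Run keys: the "userini" value, or any value whose data mentions userini.exe
    foreach ($path in $runKeys) {
        Get-AuditRegistryValue $path |
            Where-Object { $_.Name -eq 'userini' -or $_.Data -match 'userini\.exe' }
    }
    # Explorer key: the "id" and "remove" values from step 2
    Get-AuditRegistryValue $explorerKey |
        Where-Object { 'id', 'remove' -contains $_.Name }
)

# Streams attached to explorer.exe other than the normal :$DATA content stream
$explorer = Join-Path $env:WINDIR 'explorer.exe'
$streams = @(Get-Item -Path $explorer -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' })

$findings | Format-Table Key, Name, Data -AutoSize -Wrap
$streams  | Format-Table FileName, Stream, Length -AutoSize
if (-not $findings -and -not $streams) {
    'None of the entries from step 2 were found.'
}
```

Run it once before step 2 to see what needs removing and again afterwards to confirm the entries are gone.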

Posts that might help you here:
Enabling Safe Mode booting, Enabling the Registry, Enable Hidden files and folders option and Enabling the Command Prompt.