AVG continually reporting c:\Windows\System32\wininit.exe is a trojan

Hi all,

This AVG popup message started appearing today and I have so far been unsuccessful in eradicating the issue - despite trying MBAM (didn’t see a problem) and Hitman Pro (seemed to clean the file but on reboot my Lenovo “repair” facility kicked in as it couldn’t start Windows normally).

Please help me as this is slowly driving me insane.

I have just run an OTL scan, as described in your guide, but the logfiles are too big to post.

Can someone give me somewhere to send the log files to so they can take a look and help me out?

Many thanks,
Dazster

AVG? This is avast forum? How can we help you?

http://mediafire.com

> I have just run an OTL scan, as described in your guide, but the logfiles are too big to post.

Do you mean too big to attach?

Lower left corner: Additional Options > Attach

Suspect files should be sent to virustotal where there are 43 different scanners to give an idea if the detection is good or bad.

@ Altarir
We don’t want the forums to become a quasi malware distribution center by using file sharing sites, where we have no control over who downloads it or what purpose they put it to. So please don’t suggest file sharing sites.

Please remove the link to a file share site, so as not to give any idea that could put others at risk.

AVG problems really should be dealt with at the AVG forums.

OP was asking where to upload OTL log. essexboy used to ask to upload them to mediafire in case they are too big to attach. Why didn’t you criticize him but criticize me for linking there?

And I thought it was a malware problem

Well it is a malware problem but the user is not on avast!. This is avast! support forum not AVG support forum.

The good thing about avast! forum is/was that everyone got help if we could help (with lots of stuff), and my guess is that Essexboy can look at those logs whatever AV installed?

My apologies, I thought you were on about the detected sample. I still think the correct location for the log and avast related problem (it detected the malware) is the AVG forums, as if this is a false positive, how would they get to know about it or correct it?

As I mentioned in my last post to Altarir, by avoiding the AVG forum it is hardly going to help resolve an AVG problem of detection (AVG continually reporting c:\Windows\System32\wininit.exe is a trojan) if that is what it is.

Look, this is avast! support forum meant for avast! users and not AVG users. If the user wants he can go to http://www.geekstogo.com/ and essexboy or some other malware removal expert will help them. Personally I feel that the helpers on this forum already have enough on their hands trying to help avast users.

There are forums that specialize in malware removal (like geekstogo) so that would be the OP’s best bet.

Media fire is a perfect sharing site in my opinion. There is no problem with Altarir’s suggestion in my opinion.
You can download malware and you can download clean files.
What you can’t do is live link to malware.
avast should remove the 200k limitation to file attached, then we can stop suggesting 3rd party sites.

+1
Or better, uninstall AVG and install avast :slight_smile:

Guys, I’ve attached the extras.txt logfile - thanks for the pointer.

Also, I’ve installed avast as an alternative to AVG. So now I am on the right forum :wink:

My initial scan with avast shows that both explorer.exe and wininit.exe have a status of “Threat: Win32:Bamital-AC”. Attempting to repair these yields the result: “Error: The process cannot access the file because it is being used by another process (32)”, while attempting to move them to the chest yields the result: “Error: The specified file is read only (6009)”.

I suppose you’ve fully uninstalled AVG… and you’re not running both at the same time… Disable is not enough.

You suppose correctly.

Is anyone interested in looking into this? If not, no worries, I know the ultimate solution and its latest release is coming out this month. Ubuntu!

Hitman Pro removes Bamital.

http://hitmanpro.wordpress.com/2010/08/22/bamital-drooptroop-remediation/