What is Userinit.exe

Userinit Logon Application - Microsoft® Windows® Operating System - Microsoft Corporation

File description

Userinit.exe with description Userinit Logon Application is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
The file is digitally signed from Microsoft Windows Component Publisher - Microsoft Timestamping Service
We do not recommend removing digitally signed files from Microsoft Windows Component Publisher

What is userinit.exe?
Userinit.exe is a part of Windows NT-based operating systems that handles the startup process. It is responsible for establishing network connections and starting the shell.

This process is critical to the operation of the system. Do not make any attempt to disable it. Removing it will render your system unbootable and will require a reinstallation of the operating system.

Dangers of userinit
As this is a critical system executable that is necessary for the operating system to run, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files may have the same name but be stored somewhere other than in %SystemRoot%\System32. Other malware may use a name that appears similar to it but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as userinit.exe:
  • Troj/Viran-B (%SystemRoot%)
    • This is a Trojan horse that allows a remote attacker to gain full control over an infected system via HTTP.
  • W32/Gommer-A (%CommonFiles%\system\(5BB5AD01-5EF7-40EC-93C7-5B152124146CA) \userinit.exe)
    • This is a Trojan horse that spreads via mIRC.
  • W32/Maddis-A (%SystemRoot%\System32\usrinit.exe)
    • This worm spreads via network shares and takes several measures to prevent itself from being detected. It opens up several ports to function as a proxy server and submits the IP address of the infected machine to a proxy list website.
  • Troj/Haxdoor-DP (%SystemRoot%)
  • W32/Malas-E (%ApplicationData%\usrinit.exe)
You should never see this process running in the Task Manager except for a few seconds after you log in. The presence of an instance of it in the task manager afterwards is a strong indicator of a malware infection.

Common problems
  • You immediately get logged out after logging in
    • This is caused by a missing or corrupt userinit.exe. Check your system for viruses and then restore it from your Windows installation disc.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
010 Installed services
033 Winlogon Userinit
034 Winlogon Shell
065 Image File Execution Options (debugger)
067 Winlogon notify
071 Notification Packages
167 HKLM Policies\Explorer\Run

Digital signatures found for this file

    Certificate 
66 Microsoft Windows Component Publisher - Microsoft Timestamping Service
41 Microsoft Windows Publisher - VeriSign Time Stamping Services Signer
29 Microsoft Windows - Microsoft Time-Stamp Service
28 Microsoft Windows XP Publisher - VeriSign Time Stamping Service
24 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service
13 Microsoft Windows XP Publisher (Europe) - VeriSign Time Stamping Service
7 Microsoft Windows Publisher - VeriSign Time Stamping Service
6 Microsoft Windows - Microsoft Timestamping Service
4 Microsoft Windows Component Publisher - VeriSign Time Stamping Services Signer
3 Microsoft Windows - VeriSign Time Stamping Services Signer
2 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service
2 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service CA SW1
1 Microsoft Windows XP Publisher - VeriSign Time Stamping Services Signer
1 simplix - Symantec Time Stamping Services Signer - G4
1 Microsoft Windows 2000 Publisher - NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

MD5 security rating in our database

1255 files (Not yet rated and not signed)
1 files (Not yet rated and digitally signed)
7 files (Safe and not signed)
264 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to userinit.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of userinit.exe: by 1527 files and users.

Application errors

Fix userinit.exe application error:  Run a FREE registry scan

User comments

There are no user comments yet for this file.


Please add your comments if you have more information about this file or if you know how to solve userinit.exe application errors.


File safety :

File security rating :

Are you human? How much is 0+15:


Like this page?

Please support this free service by giving us a Google+1


Browse files by letter

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

More system processes

userint.exe UserIO.sys userkeys.exe
userkonf.exe userload.exe UserLog196.dll
usermediadent.exe usermgmt.exe UserMgr.exe
usermode.exe usernetschedule.exe UserPort.sys

Lansweeper computer inventory From the creator of Runscanner:

Lansweeper
is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.