Jump to content

Malwarebytes ran. BIG PROBLEMS!


Recommended Posts

So the computer was running slow. I downloaded Malwarebytes' Anti-Malware 1.34. Did a scan, and it reported back that there were a few issues. I clicked the okay button, it asked to restart the computer, and now I get a screen at startup that says there is an error with msginaex.dll and I need to contact the administrator. The only option is 'restart.'

I tried all windows safe modes and my passwords just do not work now.

I tried booting from a windows install/recovery cd and it asks for an administrator password. Nothing works.

I tried to use a bootable password recovery tool that uses a linux kernel, but it does not recognize any users in the system.

I tried using another linux boot cd to restore the deleted file msginaex.dll to the system32 directory and now I get a similar error to the original one, and the same problem as before.

How do I 'undo' what Malwarebytes' Anti-malware did if I can not log into windows AT ALL? I see the quarantined files, but it is a little cryptic to try to tell what is what in there. I am dead in the water right now and this is a BIG problem.

I would really, really, appreciate any info that can be offered here. I am not sure what else to do other than try to track down someone else who has the file msginaex.dll and try to copy it over.

Thank you very much!

Below, I retyped all of the important logfile lines because I could only view the file using a very crippled linux bootable disc to access it.

Below is the important info:

Memory Modules Infected: 1

Registry Keys Infected: 3

Files Infected: 2

Everything else is zero.

Memory Modules Infected:

C:\WINDOWS\system32\msginaex.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\System32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\System32\msginaex.dll (Trojan.vundo) -> Delete on reboot.

Link to post
Share on other sites

Exactly what CD is this?

The Windows XP Pro sp1a installation disc that came with the computer. The weird thing about it asking for the password for Administrator is that there is not a user by the name of Administrator on the machine.

I am accessing the machine now by using the UBDC disc that I used the aforementioned XP Pro install disc to build it.

Link to post
Share on other sites

The Windows XP Pro sp1a installation disc that came with the computer. The weird thing about it asking for the password for Administrator is that there is not a user by the name of Administrator on the machine.

I am accessing the machine now by using the UBDC disc that I used the aforementioned XP Pro install disc to build it.

I tried to restore the file msginaex.dll with it and it does not work. As I understand the default windows file that it loads for the graphical user login should be msgina.dll. When I open the hklm\software\microsoft\windows nt\currentversion\winlogon I do not see any reference to either file, however.

Link to post
Share on other sites

The problem with trying to run a repair is that it prompts for a password before I can make any changes.

Is there no way to revert these few changes that MBAM made? I see these files in the quarantine folder, is there no way to undo without getting back into windows?

msginaex.dll

Google and my own system 32 folder both confirm this is not a standard windows file, it looks like vundo, you probably have a registry problem, no idea why it hosed booting tho.

I hate to see anyone use a XP sp1a to repair with but

http://www.michaelstevenstech.com/XPrepairinstall.htm

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.