Solved

msimg32.dll is reported as infected by w32.rogue.gen

  • 19 November 2014
  • 43 replies
  • 1232 views



Userlevel 1
Roy, I assume your question was directed at/to Rakanisheu...
Userlevel 7
@ wrote:
Roy, I assume your question was directed at/to ...
I am David, and I was directing it to Rakanisheu  :)  
Userlevel 1
Sorry David. I get a bit anxious when I have two broken systems... :mantongue:
Userlevel 7
Ok I am testing this on a VM to see if I can brick my Win 8.1. In the meantime can you run a system file check to make sure the rest of the system is OK
 
To open Command prompt and run in elevated mode, follow these steps.
a. From Start screen, type Command prompt.
b. Right-click on Command Prompt and choose Run as Administrator.
c. Now in the command prompt window, type sfc /scannow (note, there is a space between sfc and /scannow)
 
Can you try that and let me know if there were any integrity issues. 
Userlevel 1
Roger. System Scan is now running...
Userlevel 1
Verification is now 43% complete and running OK..
Userlevel 1
Joy, Joy, Joy!!!  The system scan successfully restored msimg32.dll to c:\windows\sysWOW64 and Webroot is running great!
 
I can NOT thank you enough for helping me resolve this problem in a timely manner!
 
After checking the Webroot quarantine, the missing file msimg32.dll was, indeed, quarantined by WSA; the files were in the Windows 8.1 System32 and sysWOW64 subdirectories.
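 
A way to confirm the result described in the posts above, added here as an example and not written by anyone in this thread: after restoring from quarantine or running sfc /scannow, check that msimg32.dll is present in both directories and read what SFC logged. It assumes 64-bit Windows, an elevated 64-bit PowerShell 4.0 or later, and the default CBS log location.

```powershell
# Added example (not from the thread). Run from an elevated 64-bit PowerShell prompt.
$name = 'msimg32.dll'
$dirs = @("$env:windir\System32", "$env:windir\SysWOW64")   # the two locations named in the thread

$report = foreach ($dir in $dirs) {
    $path = Join-Path $dir $name
    if (-not (Test-Path -LiteralPath $path)) {
        # File is still missing, e.g. quarantined and not yet restored
        [pscustomobject]@{ Path = $path; Present = $false; Version = $null; SHA256 = $null; Signature = $null }
        continue
    }
    $item = Get-Item -LiteralPath $path
    [pscustomobject]@{
        Path      = $path
        Present   = $true
        Version   = $item.VersionInfo.FileVersion
        # Compare this hash with the same file on a known-good machine at the same patch level
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        # Windows system DLLs are often catalog-signed; older PowerShell versions may
        # report NotSigned for them, so treat this value as a hint, not a verdict
        Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
    }
}
$report | Format-List

# SFC writes its results to CBS.log, tagged [SR]; show the most recent repair-related entries
$cbs = Join-Path $env:windir 'Logs\CBS\CBS.log'
if (Test-Path -LiteralPath $cbs) {
    Select-String -LiteralPath $cbs -Pattern '[SR]' -SimpleMatch |
        Where-Object { $_.Line -match 'repair|cannot|corrupt|msimg32' } |
        Select-Object -Last 20 -ExpandProperty Line
} else {
    Write-Warning "CBS log not found at $cbs"
}
```

A row with Present = False means the file is still missing from that directory; "[SR] Cannot repair" lines in the log mean SFC could not restore a file from the component store.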
Userlevel 7
EDIT just seen your reply! Glad to hear you're back up and running. I have to fix my own Win 8.1 VM which I have completely destroyed :D My shift is just finished. If you have any further issues please reply to the support ticket.
Userlevel 7
@ and @ , thank you both for the full explanations in the replies above... I have learned a lot and hopefully if we see another example of this I will know what to suggest to help get it fixed a bit quicker!
 
 
I should have elaborated more on what I've tried, and troubleshooting steps I've taken in my original post.  However, upon returning to the thread, I'm happy to see that a lot of other people were able to contribute valuable pieces of information.
 
Anyway, I still seem to have a related problem as I did originally although now Webroot is NOT detecting the same msimg32.dll as "infected".  Rather, it seems that Webroot is now blocking the execution of that file or the processes associated with it.  Symptoms of this problem are that when I start up Chrome or IE, it will instantly crash the minute I run a search on it or visit a page other than the home page.
 
If I "shut down protection" on webroot, the problem immediately goes away.  I am able to browse across browsers as normal.
 
Another interesting point of note...
The aforementioned problem happens after a reboot of the machine: can't browse web pages via browsers.
If I shut down Webroot and then start it back up, the problem goes away.
 
I've experienced this problem on two different Windows 8.1 installations.  One of them was a Microsoft Surface installed with Windows 8.1.  The other is a desktop of mine with Windows 8.1 installed on it.  The latter was originally affected by webroot removal of the file (I ran sfc /scannow; it was still unrecoverable, same with system restore) so I just clean formatted the drive/volume.  It should be noted that the reformatted machine still has the problem even after a clean format of Windows 8.1, all MS updates and Webroot.
 
The problem is entirely 'livable' at the moment, just a little irritating. 😉
Userlevel 7
Have you modified the default settings in WSA? As none of what you describe sounds normal or related to this issue at all.
Nope, I haven't modified the default settings of WSA at all on any of my machines.  The second machine I'm having problems with is a clean install of literally everything (OS, Webroot, MS updates).  
 
The reason I think it may be related is because, prior to reformatting my drive, when webroot actually removed the "msimg32.dll" from the system I was experiencing the same browser problems where it would automatically close on me.  I think another user in this thread reported the same thing.
After talking to a pretty helpful Webroot customer service rep this afternoon, I got the computer back to a System Restore point from late Monday night, made sure the Webroot definitions were up-to-date and did several scans free of infection, I (foolishly) tried to apply the same two Windows Updates that got me in the same fix last night, this time after re-start, Webroot detected msimg32.dll this time as Win32.LocalInfect.2. I'm just going to throw this laptop in a lake.
Userlevel 7
Hello @ 

Welcome to the Community,
 

Would you try this before you throw that laptop in the lake? One of our Moderators said in this earlier thread to do this.
You may un-quarantine and restore the file that was quarantined by the Webroot SecureAnywhere software if you have not already done so. To restore the file:

1. Open on the cog icon next to PC Security.
2. Click the Quarantine tab.
3. Click the check box next to the filename, then click Restore.
 
c:\windows\system32\msimg32.dll
 
Then reboot your PC, should be fixed then. 

Then try this.
To open Command prompt and run in elevated mode, follow these steps.
a. From Start screen, type Command prompt.
b. Right-click on Command Prompt and choose Run as Administrator.
c. Now in the command prompt window, type sfc /scannow (note, there is a space between sfc and /scannow)

If this doesn't help you can always issue another support ticket!

Sorry for your troubles,

Best Regards,
I've followed your advice and everything looks back to normal. Now to apply those new Windows Updates. *crosses fingers*
Userlevel 7
Hi brokemu,

That's great! Let us know how that goes because this will help others as well!

Have a goodnight! Thanks for the update!

Best Regards,
Everything's good to go...finally. Thanks for pointing me in the right direction.
Userlevel 7
Hello brokemu,

That's really great news! Again thanks for that update! Come on back anytime. :)

Best Regards!
