Solved

msimg32.dll is reported as infected by w32.rogue.gen

  • 19 November 2014
  • 43 replies
  • 1232 views



Userlevel 1
That's it EXACTLY!!!  Only WSA (and/or AVG) doesn't run because of the missing DLL.
Userlevel 7
Roy, 
 
Sorry for interrupting here, but I wanted to ask if it would be OK with you for us to reference your file download for any other users who have similar issues with not being able to un-quarantine the file?
Userlevel 1
Roy, I assume your question was directed at/to Rakanisheu...
Userlevel 1
Roger. System Scan is now running...
Userlevel 1
Verification is now 43% complete and running OK..
I should have elaborated more on what I've tried, and troubleshooting steps I've taken in my original post.  However, upon returning to the thread, I'm happy to see that a lot of other people were able to contribute valuable pieces of information.
 
Anyway, I still seem to have a related problem as I did originally although now Webroot is NOT detecting the same msimg32.dll as "infected".  Rather, it seems that Webroot is now blocking the execution of that file or the processes associated with it.  Symptoms of this problem are that when I start up Chrome or IE, it will instantly crash the minute I run a search on it or visit a page other than the home page.
 
If I "shut down protection" on Webroot, the problem immediately goes away.  I am able to browse across browsers as normal.
 
Another interesting point of note...
The aforementioned problem happens after a reboot of the machine: can't browse web pages via browsers.
If I shut down Webroot and then start it back up, the problem goes away.
 
I've experienced this problem on two different Windows 8.1 installations.  One of them was a Microsoft Surface installed with Windows 8.1.  The other is a desktop of mine with Windows 8.1 installed on it.  The latter was originally affected by Webroot removal of the file (I ran sfc /scannow; it was still unrecoverable, same with system restore) so I just clean formatted the drive/volume.  It should be noted that the reformatted machine still has the problem even after a clean format of Windows 8.1, all MS updates and Webroot.
 
The problem is entirely 'livable' at the moment, just a little irritating. 😉
Nope, I haven't modified the default settings of WSA at all on any of my machines.  The second machine I'm having problems with is a clean install of literally everything (OS, Webroot, MS updates).  
 
The reason I think it may be related is because, prior to reformatting my drive, when Webroot actually removed the "msimg32.dll" from the system I was experiencing the same browser problems where it would automatically close on me.  I think another user in this thread reported the same thing.
After talking to a pretty helpful Webroot customer service rep this afternoon, I got the computer back to a System Restore point from late Monday night, made sure the Webroot definitions were up-to-date and did several scans free of infection, I (foolishly) tried to apply the same two Windows Updates that got me in the same fix last night, this time after re-start, Webroot detected msimg32.dll this time as Win32.LocalInfect.2. I'm just going to throw this laptop in a lake.
Userlevel 7
Badge +62
Hi brokemu,

That's great! Let us know how that goes because this will help others as well!

Have a good night! Thanks for the update!

Best Regards,
Userlevel 7
Badge +62
Hello brokemu,

That's really great news! Again thanks for that update! Come on back anytime. :)

Best Regards!
I have nearly the exact same scenario:  same OS (Windows 8.1), same lack of infections using Webroot, same Windows Updates, then the same subsequent infected file from the same Trojan, same thought of false positive. The only difference for me was Webroot was to remove the Trojan upon restart, only to not be able to sign into my computer afterwards.
I had 4 Win 8.1 machines with Webroot to which I applied KB3000850, and of these only one had no problem, though on it I had to override WSA's attempt to quarantine msimg32.dll. Of the others, two are hung at the login screen; I'll have to restore them from a Windows Home Server backup, if I can. The last is usable but crippled by the missing msimg32.dll. It was a brand new computer unboxed days ago, barely used, so I think it's unlikely that it could have had an infection.
 
I think this may prove to be a big time problem for WSA users.
Userlevel 1
I've basically got two semi-bricked systems because Webroot apparently either blocked or quarantined Msimg32.dll, so now I get a Windows 8.1 message that this DLL is missing; as a result, neither Webroot WSA Complete nor AVG will run on either system.
 
Like a previous poster, I tried two different Windows restores and they both failed.
 
What am I supposed to do NOW???
Userlevel 1
Unfortunately your suggestion didn't work. When I bring up Windows 8.1 in Safe Mode, I still get the same message about the missing dll, so therefore I am unable to "unquarantine" Msimg32.dll.
Userlevel 7
Thank you :)
 
Please do not attempt to add to the ticket or update it until you have heard from Support, that will slow down the response to you by altering the date/time stamp on the ticket.  Webroot Support is usually not instant, but it is usually quite fast, within an hour or two for me usually when I file a ticket.
Userlevel 1
I wished I could. WSA does not start or run because of the missing DLL, therefore I am unable to restore this dll from quarantine using the method you describe.  That is what I've been trying to explain; WSA is NOT running on the bricked systems.
Userlevel 1
I also got the same missing dll message after booting Windows 8.1 in Safe Mode, so that doesn't work either.
Userlevel 1
I have already tried to copy in the missing dll and WSA still does NOT run.
 
Yes, I can use Internet Explorer on the affected systems after I get three or four messages about msimg32.dll being missing. I just have NO security on the two affected systems.
