msgina.dll problem

Started by Shadrok, September 13, 2010, 11:15:36 PM

Previous topic - Next topic

Shadrok

Just had my desktop give me this error massage at start up

The application or DLL C:\WINDOWS\system32\MSGINA.dll
is not a valid Windows image. Please check this against
your installation diskette.

[OK]

Followed by this after hitting OK.

Contact your system administrator
to replace the DLL, or restore the original DLL.

[Restart]

I hit restart and it just becomes a loop of hitting OK, restart, Ok.... so on and so forth.

I've tried to run "Last known good configuration"
and
expand D:\i386\msgina.dl_ .\
with the windows CD

all of which have not helped.

I'm running Windows XP pro.
Hopefully someone here can help me out, and thanks in advance.
 

Dekari

I may be better than average with computers, but something like this is beyond my limits.


However, a quick google search pulled up this article.  Might be worth a try.
I somehow get the feeling that you didn't think your cunning plan all the way through.

Thanks go to Kipiru and Rhyfe for the art work used in avatars.

http://drakedekari.deviantart.com/

hapless

Either serious disk data corruption, or you have a rootkit that tries to replace Microsoft's GINA with its own version and got broken.
Your Windows CD won't help much, assuming the CD contains "original" or SP2 version and you have SP3 installed.
You can try downloading the full SP3, extracting it via "WindowsXP-KB936929-SP3-x86-ENU.exe /x" command on a working PC,
then expanding msgina.dl_ if necessary (don't remember) and putting that DLL in. But, may still not help if it's a broken rootkit, or if you had some more Windows Update patches that make SP3 GINA "too old".

In any case... you may want to do a full system scan with a bootable antivirus like AntiVir Rescue System (the curent donload is always up to date) or F-Secure Rescue CD (needs internet access to retrieve current virus data) first.

Good luck.
Chaosnet device not responding - check breaker on the Unibus

Shadrok

Quote from: hapless on September 14, 2010, 07:14:46 AM
Either serious disk data corruption, or you have a rootkit that tries to replace Microsoft's GINA with its own version and got broken.
Your Windows CD won't help much, assuming the CD contains "original" or SP2 version and you have SP3 installed.
You can try downloading the full SP3, extracting it via "WindowsXP-KB936929-SP3-x86-ENU.exe /x" command on a working PC,
then expanding msgina.dl_ if necessary (don't remember) and putting that DLL in. But, may still not help if it's a broken rootkit, or if you had some more Windows Update patches that make SP3 GINA "too old".

In any case... you may want to do a full system scan with a bootable antivirus like AntiVir Rescue System (the curent donload is always up to date) or F-Secure Rescue CD (needs internet access to retrieve current virus data) first.

Good luck.

I downloaded the .dll expanded it on the down PC and ran a bootable virus scan which didn't find anything.

and the error is still popping up.




I just remembered that when I last shut down before this happened, I noticed (just after hitting shut down) that the Start button was blank (aka had the windows logo but no "Start") I can't help but feel that I mite have been hacked and interrupted the hacker's attack by disconnecting from the internet.

I guess what I had on the hard drive is lost as I fear I may end up having to do a reformat or reinstall windows.

:compbash
 

Drayco84

#4
Not quite... XP and later versions can do a "repair" install that leaves the contents of the HDD intact. You'll have to reinstall everything afterwards, but it's better than the alternative...

This is also why I wanted an external HDD with PCLOS on it...

Quote from: Shadrok on September 15, 2010, 05:44:39 PM
I just remembered that when I last shut down before this happened, I noticed (just after hitting shut down) that the Start button was blank (aka had the windows logo but no "Start") I can't help but feel that I mite have been hacked and interrupted the hacker's attack by disconnecting from the internet.

Sounds more like malware to me... Odds of getting hacked by a live person on the internet are rather small AFAIK...

Shadrok

Quote from: Drayco84 on September 15, 2010, 05:58:01 PM
Not quite... XP and later versions can do a "repair" install that leaves the contents of the HDD intact. You'll have to reinstall everything afterwards, but it's better than the alternative...

Well I do want to keep my files so I guess that's the next attempt.

Though I know when I tried the windows CD auto repair it asked for a floppy disc  :erk
and just hitting repair sends me to Windows recovery console. which gives me the

C:\WINDOWS>

prompt.

Also my windows disc is the kind you get with a Dell.



Quote from: Drayco84 on September 15, 2010, 05:58:01 PM
Sounds more like malware to me... Odds of getting hacked by a live person on the internet are rather small AFAIK...
So I guess most attacks now are automated then.
 

Drayco84

Quote from: Shadrok on September 15, 2010, 06:19:05 PM
Well I do want to keep my files so I guess that's the next attempt.

Though I know when I tried the windows CD auto repair it asked for a floppy disc  :erk
and just hitting repair sends me to Windows recovery console. which gives me the

C:\WINDOWS>

prompt.

Also my windows disc is the kind you get with a Dell.
OH! ...Oh crap... This is, without a doubt, the number ONE reason I hate mass-produced comps... Instead of actually giving people a FULL XP disk AND a disk of their crapware/drivers, they just merge the two of 'em and only give you the option to "restore to default settings", which usually means reformatting the HDD as well...

Anybody have more experience with Dells?

hapless

Unfortunarely, no experience with Dells, but seems to me Shadrok actually has a regular Windows installer CD - the OEM recoveries that just blast a disk image erasing everything don't offer recovery console, and usually have a non-standard UI.
So, there's a chance we have a misuderstanding here.

Assuming you actually boot to the XP installer, and get the blue text-mode menu, you have three options, Install, Repair, and Exit.
Repair here, gives you two options: Automated repair with floppy disk, and recovery console.
BUT, the "overlay" Drayco's talking about, i.e. "reinstall all system files, but leave user data and user part of the registry intact", is reached via more crazy way.
You hit Install, then accept license, then you get "Scanning hard disk for Windows installations" at bottom of the screen, and THEN it should pop-up something in lines of "Windows has been detected on the disk", giving you options to abort or REINSTALL. If my memory serves, it's even funnier because you press Esc to continue with the overlay, but I'm not sure.

It's no harm to try, as only way to get the HDD formatted is to agree to it by choosing one of the for format types from the list that has "Don't format" at top, and then confirming on next screen again.

Anyway, if it manages to boot after the overlay, keep in mind that your system will be in strange half-broken state, with need of reinstallation of drivers, windows updates, and possibly some messing-with-the-system apps, and well, may be unstable forevermore. So, backup your stuff, and maybe consider a clean reformat.

If this all don't work, or you don't want to try, you can grab a bootable linux livecd (or BartPE windows livecd), and use it to back up data from your windows disks to an USB HDD or via local network to another computer. Knoppix, Puppy Linux, even (K/)Ubuntu live, all work.
Chaosnet device not responding - check breaker on the Unibus

RobbieThe1st

Y'know, for some reason this sounds to me like a case of disk corruption.
I'd see if you can't run scandisk - either off the Windows CD, or sticking your drive as the second drive in a working PC, and run it from there.
If you see "no errors", then you can try doing an overlay as hapless suggests. If you see an error, check if it fixed it. If you see a -lot- of errors, you probably need to replace your HD.
If you have just a couple of errors, and can get it to "fix" the error, you can again try copying the proper DLL, see if that works. If not, you may want to go ahead and get a new harddisk as it may be dying. You can then do an install on that, and copy over your own personal data from the old HD(including Firefox profile etc), and not have to worry about losing but an afternoon or two of work.

Pasteris.ttf <- Pasteris is the font used for text in DMFA.

Drayco84

Quote from: hapless on September 15, 2010, 07:29:08 PM
If this all don't work, or you don't want to try, you can grab a bootable linux livecd (or BartPE windows livecd), and use it to back up data from your windows disks to an USB HDD or via local network to another computer. Knoppix, Puppy Linux, even (K/)Ubuntu live, all work.
So will PCLinuxOS, as well. All will install the OS to RAM, allowing you to freely move your files WITHOUT doing anything to the HDD or your Windows install.

And to me, it sounds more like a borked Win update. (Yeah, they do tend to do that from time to time.) The really bad part is that when the comp is updating, it does so without your consent and also looks creepily similar to a hacking attack.

I dunno if that's what happened here, but it's just my guess.

Shadrok

As I was reading your posts, the down pc was on the
Contact your system administrator
to replace the DLL, or restore the original DLL.

[Restart]

When I noticed that my Wacom tablet's driver icon had popped up as it does when it loads. So my program drivers are booting just not the msgina.dll.

As for the hard drive dieing, well it wouldn't be the first for this computer, it's going on 10 years old. Also from what I've heard it was never a reliable pc to begin with. It's a Dell Dimension 4600.




I'll try the PCLinuxOS to see if I can transfer  my files to my portable hard drive. If it works then I'll just move forward on getting a new computer and consider this one past it's expiration date.



Quote from: Drayco84 on September 16, 2010, 02:20:47 PMIt sounds more like a borked Win update. (Yeah, they do tend to do that from time to time.) The really bad part is that when the comp is updating, it does so without your consent and also looks creepily similar to a hacking attack.

Well it's like the old joke about windows, "Windows is full of pains".