MSlib32.dll


Marian McQuaid
June 8th 04, 02:06 PM
Hi,
Got hit by trojan (trojan.noupdate.B), and got rid of it.
HOWEVER...
Most of my start up programs are reporting:
"..illegal operation and will shut down" . When I hit
details, I get that the problem is in MSlib32.dll, and it
is one of 2 places (017f:10002e6 or 017f:00ee24e6)

I checked my other system, and no such dll. So, do I need
it, or is it part of another virus? Can I delete it? I
tried renaming it, and it renamed itself back!

Thanks
Marian

PA Bear
June 8th 04, 02:26 PM
It is not a valid Windows file, no. MSLib32.dll indicates a *very* new
(like, in the past two days!) Trojan.

See http://snipurl.com/6xii.

There is every likelihood that no anti-virus app can identify and delete it
yet!
--
HTH - Please Reply to This Thread

~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

AumHa Forums
http://forum.aumha.org

What You Should Know About Spyware
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx

Marian McQuaid wrote:
> Hi,
> Got hit by trojan (trojan.noupdate.B), and got rid of it.
> HOWEVER...
> Most of my start up programs are reporting:
> "..illegal operation and will shut down" . When I hit
> details, I get that the problem is in MSlib32.dll, and it
> is one of 2 places (017f:10002e6 or 017f:00ee24e6)
>
> I checked my other system, and no such dll. So, do I need
> it, or is it part of another virus? Can I delete it? I
> tried renaming it, and it renamed itself back!
>
> Thanks
> Marian

Marian mcQuaid
June 8th 04, 03:05 PM
Thanks. Fortunately, I have 2 systems, so can look up on
one, and "fix" broken one. Broken one won't let me on
line, nor run printer, or CD burner. Let me play a bit,
and I will post again, later.
Thanks
Marian
>-----Original Message-----
>It is not a valid Windows file, no. MSLib32.dll indicates a *very* new
>(like, in the past two days!) Trojan.
>
>See http://snipurl.com/6xii.
>
>There is every likelihood that no anti-virus app can identify and delete it
>yet!
>--
>HTH - Please Reply to This Thread
>
>~Robear Dyer (PA Bear)
>MS MVP-Windows (IE/OE), AH-VSOP
>
>AumHa Forums
>http://forum.aumha.org
>
>What You Should Know About Spyware
>http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
>
>Marian McQuaid wrote:
>> Hi,
>> Got hit by trojan (trojan.noupdate.B), and got rid of it.
>> HOWEVER...
>> Most of my start up programs are reporting:
>> "..illegal operation and will shut down" . When I hit
>> details, I get that the problem is in MSlib32.dll, and it
>> is one of 2 places (017f:10002e6 or 017f:00ee24e6)
>>
>> I checked my other system, and no such dll. So, do I need
>> it, or is it part of another virus? Can I delete it? I
>> tried renaming it, and it renamed itself back!
>>
>> Thanks
>> Marian
>
>.
>

PA Bear
June 8th 04, 03:32 PM
Using Scanreg/restore *might* be able to help, Marian.
--
~PA Bear

Marian mcQuaid wrote:
> Thanks. Fortunately, I have 2 systems, so can look up on
> one, and "fix" broken one. Broken one won't let me on
> line, nor run printer, or CD burner. Let me play a bit,
> and I will post again, later.
> Thanks
> Marian
>> -----Original Message-----
>> It is not a valid Windows file, no. MSLib32.dll indicates a *very* new
>> (like, in the past two days!) Trojan.
>>
>> See http://snipurl.com/6xii.
>>
>> There is every likelihood that no anti-virus app can identify and delete
>> it yet!
>> --
>> HTH - Please Reply to This Thread
>>
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE/OE), AH-VSOP
>>
>> AumHa Forums
>> http://forum.aumha.org
>>
>> What You Should Know About Spyware
>> http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
>>
>> Marian McQuaid wrote:
>>> Hi,
>>> Got hit by trojan (trojan.noupdate.B), and got rid of it.
>>> HOWEVER...
>>> Most of my start up programs are reporting:
>>> "..illegal operation and will shut down" . When I hit
>>> details, I get that the problem is in MSlib32.dll, and it
>>> is one of 2 places (017f:10002e6 or 017f:00ee24e6)
>>>
>>> I checked my other system, and no such dll. So, do I need
>>> it, or is it part of another virus? Can I delete it? I
>>> tried renaming it, and it renamed itself back!
>>>
>>> Thanks
>>> Marian
>>
>> .

Marian McQuaid
June 8th 04, 04:54 PM
Hi,
I clearly can't get online, even in safe mode. I am
running Win98SE, so how do I do Scanreg? run it from
Start/Run? How can I find the date for the last registry
I can restore from?
Adware found nothing, neither did spybot. Somehow, at
some second in time, I was able to get Norton's update, so
that is how I found the first Trojan. (trojan.noupdate.B)

I will try d/l'ing from the sites you suggest on that
link, burning CD and see if I can get the blasted thing to
read a CD.

Any more ideas?
Thanks SOO much! Will keep you posted!
Marian
>-----Original Message-----
>Using Scanreg/restore *might* be able to help, Marian.
>--
>~PA Bear
>
>Marian mcQuaid wrote:
>> Thanks. Fortunately, I have 2 systems, so can look up on
>> one, and "fix" broken one. Broken one won't let me on
>> line, nor run printer, or CD burner. Let me play a bit,
>> and I will post again, later.
>> Thanks
>> Marian
>>> -----Original Message-----
>>> It is not a valid Windows file, no. MSLib32.dll indicates a *very* new
>>> (like, in the past two days!) Trojan.
>>>
>>> See http://snipurl.com/6xii.
>>>
>>> There is every likelihood that no anti-virus app can identify and delete
>>> it yet!
>>> --
>>> HTH - Please Reply to This Thread
>>>
>>> ~Robear Dyer (PA Bear)
>>> MS MVP-Windows (IE/OE), AH-VSOP
>>>
>>> AumHa Forums
>>> http://forum.aumha.org
>>>
>>> What You Should Know About Spyware
>>> http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
>>>

Haggis
June 8th 04, 08:01 PM
boot to "command prompt" then type "scanreg /restore" note the space before
the "/"

you will have 4 choices ...bottom is the most recent ...work your way back in
time :>

"Marian McQuaid" > wrote in message
...
> Hi,
> I clearly can't get online, even in safe mode. I am
> running Win98SE, so how do I do Scanreg? run it from
> Start/Run? How can I find the date for the last registry
> I can restore from?
> Adware found nothing, neither did spybot. Somehow, at
> some second in time, I was able to get Norton's update, so
> that is how I found the first Trojan. (trojan.noupdate.B)
>
> I will try d/l'ing from the sites you suggest on that
> link, burning CD and see if I can get the blasted thing to
> read a CD.
>
> Any more ideas?
> Thanks SOO much! Will keep you posted!
> Marian
> >-----Original Message-----
> >Using Scanreg/restore *might* be able to help, Marian.
> >--
> >~PA Bear
> >
> >Marian mcQuaid wrote:
> >> Thanks. Fortunately, I have 2 systems, so can look up on
> >> one, and "fix" broken one. Broken one won't let me on
> >> line, nor run printer, or CD burner. Let me play a bit,
> >> and I will post again, later.
> >> Thanks
> >> Marian
> >>> -----Original Message-----
> >>> It is not a valid Windows file, no. MSLib32.dll indicates a *very* new
> >>> (like, in the past two days!) Trojan.
> >>>
> >>> See http://snipurl.com/6xii.
> >>>
> >>> There is every likelihood that no anti-virus app can identify and delete
> >>> it yet!
> >>> --
> >>> HTH - Please Reply to This Thread
> >>>
> >>> ~Robear Dyer (PA Bear)
> >>> MS MVP-Windows (IE/OE), AH-VSOP
> >>>
> >>> AumHa Forums
> >>> http://forum.aumha.org
> >>>
> >>> What You Should Know About Spyware
> >>> http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
> >>>
>

PCR
June 8th 04, 10:02 PM
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&q=MSlib32.dll&btnG=Search
Google Groups search finds few have heard of it. Spelt correctly?

I have no such "MSlib32.dll", nor does it appear to be in my Win98SE
.cabs. If this is a new virus, as PA has said, then here are some manual
steps you may perform (if you can get to Safe Mode [hold F5 or Ctrl as
you boot].)...

A .DLL may be started in the Startup Group by RunDLL32.exe. Also, there
may be other ways it gets started. Therefore, selectively prevent the
non-MS items in "START, Run, MSConfig, Startup tab", to see which is
starting it.

(1) If your virus checker has quarantined an item, a call to something
that uses MSlib32.dll may yet be in the Startup Group. It is trying to
activate but cannot. So, "START, Run, MSConfig, Startup tab", & uncheck
it. Next, go to your virus scanner's site, to see whether there are
other finishing touches to apply. (But it is too new, perhaps.)

(2) If you've uninstalled something lately, much the same applies.
Reinstall it, & uninstall it again properly in "Control Panel,
Add/Remove Programs". That way, if anything else was left behind, it too
will hopefully go.

(3) Well, consider...

Check the Registry for a mention of it, Export, & Delete the line.
However, if the line is in an MRU (Most Recently Used) list, just let it
be...

(a) "START, Run, RegEdit".
(b) Select "Find" in the Edit menu. Search for "MSlib32.dll", no quotes.
(It may take a while.)

(c) "Registry menu, Export Registry file".

This will create a ".reg" file of the entire Key that is open...
all the items in the right pane & any sub-keys in the left pane
(supposing there was a plus sign on the one highlighted). Give it a name
& location of your choosing, even to the Desktop or My Documents. Then,
if something goes wrong with the following, you will be able to simply
click that file, to Merge its contents back into the Registry.

(d) R-Clk the item(s) in the right or left pane that specifically
mentions "MSlib32.dll", and select Delete.
Anything in an MRU list may be left alone.
You know what? Perhaps just do the Export's & post them.
(e) Continue the search, at step (b).


By default, when a ".reg" is clicked, it will Merge into the Registry.
To alter the default behavior: "START, Settings, Folder Options, File
Types tab". Scroll to & click "Registration Entries", click the "Edit"
button, select "edit" in the window & click the "Set Default" button.
Now, when you click a ".reg" file, it will open in Notepad for
examination. To merge it into the Registry, R-Clk it & select "Merge".


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR

"Marian McQuaid" > wrote in message
...
| Hi,
| Got hit by trojan (trojan.noupdate.B), and got rid of it.
| HOWEVER...
| Most of my start up programs are reporting:
| "..illegal operation and will shut down" . When I hit
| details, I get that the problem is in MSlib32.dll, and it
| is one of 2 places (017f:10002e6 or 017f:00ee24e6)
|
| I checked my other system, and no such dll. So, do I need
| it, or is it part of another virus? Can I delete it? I
| tried renaming it, and it renamed itself back!
|
| Thanks
| Marian
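
PCR's registry search, run over a `.reg` file exported from the broken machine and read on a second one, as an added example that is not part of any post in this thread. The sample export, the value name `ExampleLoader` and the function names are constructed for illustration and are not the Trojan's actual entries; the sketch reports each value that mentions the DLL and separates autostart keys from MRU lists, which PCR says to leave alone.

```python
import re

# Constructed REGEDIT4 export for illustration; these entries are not from the thread.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"ExampleLoader"="rundll32.exe C:\\WINDOWS\\SYSTEM\\MSlib32.dll,Run"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="C:\\WINDOWS\\SYSTEM\\mslib32.dll\\1"
"MRUList"="a"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\MSLIB32.DLL"
'''

VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
AUTOSTART = re.compile(r'\\CurrentVersion\\Run(Once|OnceEx|Services|ServicesOnce)?$', re.I)

def unquote(token):
    """Strip the surrounding quotes of a .reg string and undo its backslash escapes."""
    if token.startswith('"') and token.endswith('"') and len(token) >= 2:
        return re.sub(r'\\(.)', r'\1', token[1:-1])
    return token  # dword:/hex: data is kept as written

def find_references(reg_text, needle):
    """Return (key, value name, data, verdict) for every value that mentions needle."""
    hits, key, needle = [], None, needle.lower()
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if key is None or not m:
            continue
        name = '(Default)' if m.group(1) == '@' else unquote(m.group(1))
        data = unquote(m.group(2))
        if needle not in data.lower() and needle not in name.lower():
            continue
        if 'mru' in key.lower():
            verdict = 'mru'        # history list only: leave it alone
        elif AUTOSTART.search(key):
            verdict = 'autostart'  # loaded at boot: export the key, then delete the value
        else:
            verdict = 'other'      # export the key and review before deleting
        hits.append((key, name, data, verdict))
    return hits

if __name__ == '__main__':
    for key, name, data, verdict in find_references(SAMPLE_REG, 'MSlib32.dll'):
        print(f'{verdict:9} [{key}] {name} = {data}')
```
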

H Leboeuf
June 9th 04, 12:49 PM
Requests for help on this Mslib32.dll are beginning to appear at the
SpywareInfo forum.
Suggest you do this:

Go to http://www.spywareinfo.com/downloads.php#det
Download "Hijack This!" [freeware] or download direct (below):
http://www.merijn.org/files/hijackthis.zip

If you get a 404 error or Access denied, try:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip

Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates "hijackthis.log")

Next, HijackThis | Config [button] | Misc Tools [button]
Click: Generate StartupList log [button] (generates "startuplist.txt")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, then copy and paste both files in your message.

HijackThis Quick Start Help
http://www.tomcoyote.org/hjt/

The Tutorial if you want to know more about the results or the .log file.
http://www.merijn.org/htlogtutorial.html

--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===
"Marian McQuaid" > wrote in message
...
> Hi,
> I clearly can't get online, even in safe mode. I am
> running Win98SE, so how do I do Scanreg? run it from
> Start/Run? How can I find the date for the last registry
> I can restore from?
> Adware found nothing, neither did spybot. Somehow, at
> some second in time, I was able to get Norton's update, so
> that is how I found the first Trojan. (trojan.noupdate.B)
>
> I will try d/l'ing from the sites you suggest on that
> link, burning CD and see if I can get the blasted thing to
> read a CD.
>
> Any more ideas?
> Thanks SOO much! Will keep you posted!
> Marian
> >-----Original Message-----
> >Using Scanreg/restore *might* be able to help, Marian.
> >--
> >~PA Bear
> >
> >Marian mcQuaid wrote:
> >> Thanks. Fortunately, I have 2 systems, so can look up on
> >> one, and "fix" broken one. Broken one won't let me on
> >> line, nor run printer, or CD burner. Let me play a bit,
> >> and I will post again, later.
> >> Thanks
> >> Marian
> >>> -----Original Message-----
> >>> It is not a valid Windows file, no. MSLib32.dll indicates a *very* new
> >>> (like, in the past two days!) Trojan.
> >>>
> >>> See http://snipurl.com/6xii.
> >>>
> >>> There is every likelihood that no anti-virus app can identify and delete
> >>> it yet!
> >>> --
> >>> HTH - Please Reply to This Thread
> >>>
> >>> ~Robear Dyer (PA Bear)
> >>> MS MVP-Windows (IE/OE), AH-VSOP
> >>>
> >>> AumHa Forums
> >>> http://forum.aumha.org
> >>>
> >>> What You Should Know About Spyware
> >>> http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
> >>>
>

PA Bear
June 10th 04, 04:58 AM
Posted & Mailed

Using Scanreg to restore the Registry
http://support.microsoft.com/?kbid=221512

You should have your choice of four (4) dates, representing the last four
boots, so time is of the essence. Hopefully the earliest date predates the
infection. Do *not* choose any date which lists RBAD!
--
~PA Bear

Marian McQuaid wrote:
> Hi,
> I clearly can't get online, even in safe mode. I am
> running Win98SE, so how do I do Scanreg? run it from
> Start/Run? How can I find the date for the last registry
> I can restore from?
> Adware found nothing, neither did spybot. Somehow, at
> some second in time, I was able to get Norton's update, so
> that is how I found the first Trojan. (trojan.noupdate.B)
>
> I will try d/l'ing from the sites you suggest on that
> link, burning CD and see if I can get the blasted thing to
> read a CD.
>
> Any more ideas?
> Thanks SOO much! Will keep you posted!
> Marian
>> -----Original Message-----
>> Using Scanreg/restore *might* be able to help, Marian.
>> --
>> ~PA Bear
>>
>> Marian mcQuaid wrote:
>>> Thanks. Fortunately, I have 2 systems, so can look up on
>>> one, and "fix" broken one. Broken one won't let me on
>>> line, nor run printer, or CD burner. Let me play a bit,
>>> and I will post again, later.
>>> Thanks
>>> Marian
>>>> -----Original Message-----
>>>> It is not a valid Windows file, no. MSLib32.dll indicates a *very* new
>>>> (like, in the past two days!) Trojan.
>>>>
>>>> See http://snipurl.com/6xii.
>>>>
>>>> There is every likelihood that no anti-virus app can identify and
>>>> delete it yet!
>>>> --
>>>> HTH - Please Reply to This Thread
>>>>
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-Windows (IE/OE), AH-VSOP
>>>>
>>>> AumHa Forums
>>>> http://forum.aumha.org
>>>>
>>>> What You Should Know About Spyware
>>>> http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx