Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MnWin32.exe


  • Please log in to reply
5 replies to this topic

#1 aficionado

aficionado

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 19 April 2009 - 06:34 AM

Hello! I am new around here.

I was searching for info about "MnWin32.exe" and hopefuly found this post.
My problem is very similar to Tamer's, but my net connection is completely blocked...
...And this MnWin32 asks for a disk in drive "A" (floppy - where the program seems to create two files: a setup.exe, and a setup.ini). Otherwise, the computer doesn't work.

I found the place in my hard disk where MnWin32.exe is hidden, but don't know how to disable it.
- If the floppy disk remains inside "A", and I try to remove MnWin32.exe from the HD, I get the message "access denied", but the program doesn't seem to be running, if I check it.
- If the floppy disk is outside "A", I first get a message from MnWin32.exe asking for the disk, I don't pay attention to it, and try to remove MnWin32.exe from the HD, but then I get the message "the program is running" which, if checked, seems to be right.

Could you please give me some help & steps to follow about how to clean this MnWin32.exe from my computer?
Thanks a lot!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:47 AM

Posted 19 April 2009 - 10:44 AM

Hello is this an XP machine?
I've split you to your own topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 aficionado

aficionado
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 20 April 2009 - 06:47 AM

Thank you!

It does is an XP SP3 machine.
But also, I use a Vista SP1 machine: I'm afraid I passed the virus (or whatever) to it from the XP machine, but I think I could manage it. I'll tell what happened in case it can be of some help:

Vista machine:
When starting the computer, everytime, I got a window message, titled "ConfDriver properties", telling:

ConfDriver properties
Kind: Program
Origin: S-1-5-21-1482476501-1644491937-682003330-1013
Size: 0 bytes
Deleted: Today, [time and date]
Created: [blank]
Properties: [blank]
(sorry for the translation of the words; in Spanish it sounds different)

The possible options for that window were:
- A button inside, reading "Restore".
- Two buttons at the bottom, reading "Accept"/"Cancel".
I never tried the first option, but the second and the third, and the window just closed and nothing seemed to happen, until starting again the computer.

Then, I was looking for the MnWin32.exe in the Vista machine with no success; the same happened with the other two files, .exe and .ini.

But again investigating what happened when switching any portable media to the XP machine, I observed the "automatic" creation, in that media, of a folder called "CONFIG", in capitals, including the file "S-1-5-21-1482476501-1644491937-682003330-1013" (plus the two .exe and .ini files).

Then, I went back to the Vista machine, searched for a "CONFIG" folder, and found it hidden right in the main hard disk. It seemd to contain a hidden "S-1-5-21-1482476501-1644491937-682003330-1013" file.
I deleted the whole "CONFIG" folder, and (surprisingly for me) I was asked about permission to delete four (!) files: the visible "S-1-5-21-1482476501-1644491937-682003330-1013" but also three invisible: the .exe, the .ini, and a "ConfDriver.exe".

After that, I started again my Vista computer and I no longer got the mentioned window message.

To finish:
- The XP machine remains as I described.
- The Vista machine... I don't know if I can trust it's cleaned (?)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:47 AM

Posted 20 April 2009 - 03:37 PM

Hi, you have no connection..
See if this fixes your Net issues .

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.


You've infected both machines. Did you use a mobile device to tranfer files. USB,pen or Flash drive etc...
If so run this on alll 3.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 aficionado

aficionado
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 22 April 2009 - 02:24 PM

Hello again,
Once followed instructions, things developed as follows:

- I tried only with the XP machine, at the moment:

- The hidden autorun.inf folder created by Flash_Disinfector.exe, appeared only in hard disks, but not in USB flash drives.
- The behaviour of the computer remains the same: It doesn't work properly unless a 3,5" disquette is inside "A:\" (the disquette keeps files "_Autorun.exe" and "autorun.inf". When I try to release the disquette, I get the message again: "MnWin32.exe" asks to insert disquette.
- Anyway, the message by "MnWin32.exe" appears now a bit later, when starting the computer.
- For a while, I had connection. But rather slow and strange: It seemed to work when I released the disquette from "A:\", but only while clicking time after time the "continue" button when asked to insert the disquette (but keeping it outside drive "A").
In that way, I only could try some simple searches in Google, but not even bleepingcomputer.com could be opened... Uh!, one more thing: my antivirus did updated in the meantime, under connection. Also, I've tried emule and it does connect and uploads and downloads (?!).
- The hidden "_Autorun.exe" and "Autorun.inf" files and the "CONFIG" folder continue in the USB flash drives.
- The "MnWin32.exe" remains in my hard disk as well.

I repeated your given process instructions several times, to be sure I wasn't doing wrong.
I tried both keeping the disquette inside "A" all along the process, or outside "A" (unless the computer didn't work at all and asked to insert it to work).

I understand it must be rather difficult to help to solve such a problem if you don't have the computer in front of you, so I appreciate a lot your help and thank you again... and beg your pardon for my ignorance on computers!

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:47 AM

Posted 22 April 2009 - 07:45 PM

Ok I am not certain that a virus etcetera is causing this. I think you need to ask again in the Vista forum. Or perhaps post an HJT log and have them see if it is a hidden problem.
To run HJT/DDS.
Please follow this guide. go and do steps 6 and 7 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users