04 Jan 2010 @ 4:12 AM 

You are currently browsing comments. If you would like to return to the full story, you can read the full entry here: “Windows will not boot, regular nor safe mode, what to do?”.

Posted By: tdurbin
Last Edit: 12 Dec 2010 @ 09:03 AM

Categories: Linux, Windows


Responses to this post » (38 Total)

 
  1. harveybirdman says:

    Hi, interesting post. I have been wondering about this topic, so thanks for posting. I’ll definitely be subscribing to your site. Keep up the good posts.

  2. Daniel says:

    great post, thanks for sharing

  3. tdurbin says:

    Thanks for the comment as it is much appreciated. I know it’s been quite some time since I’ve had a chance to update the site due to time restrictions (work and family), and I apologize for this. On another note, if you, or anyone else, have any contributions (good articles, information, success stories, etc…) please feel free to sign up and share them with us.

  4. tdurbin says:

    I apologize for leaving you hanging for so long. I have, however, been testing the wine developments as they come along without success. It seems that the MalwareBytes team has intentionally modified their software to fail in a pre-install environment (assuming this from multiple readings), and this seems to affect the wine environment as well. To answer your question, I have not been able to get MBAM to run successfully via wine since (I believe) v1.45.

  5. wow account says:

    Great post man! I always follow your blog because it is full of compelling information about various things. I like to read this post because I met so many new facts about it actually. It’s really great that I noticed this post. Thank you very much again for sharing this informative article. Many thanks,
    wow account

  6. Brandon says:

    It seems that this does work when using version 1.43 of MalwareBytes, but if I try to install the latest version, 1.46, wine crashes and it will not install. Are you going to be updating the puppy iso so the newer version of MalwareBytes works?

    Thanks for your work, I have been looking for something like this for a while. Keep up the good work.

  7. tdurbin says:

    I apologize for the late response… It’s been a long day.

    Yes there are quite a few files under Wine that are flagged as infections, but in actuality they are just false-positives. Although this has been noted in the comments, I have yet to update the actual post.

    Were you able to complete a full scan? If the answer is no, can you pinpoint the file name that the crash occurs on?

  8. herbert campbell says:

    I am using mbam 1.44 database version 3864

  9. herbert campbell says:

    those are just files. memory modules were:
    c:windows.system32/setupapi.dll
    c:windows.system32/advpack.dll
    c:windows.system32/spoolss.dll
    c:windows.system32/crtdll.dll
    c:windows.system32/winealsa.drv
    c:windows.system32/msacm32.drv
    c:windows.system32/midimap.dll

  10. herbert campbell says:

    unable to save logfile from mbam version manually copied by typing what was found in quick scan files were from wine c:

  11. herbert campbell says:

    Full scan failed to complete; program crashed, no error message. Only a http to send the fact that it crashed to. Will run quick scan to test results.

  12. herbert campbell says:

    I have got it running on wine in the puplet on usb flash drive. Mounted sda1, my windows drive. The drive has no spyware on it; I have scanned it with mbam in that drive from normal and safe mode as well as from a clone harddrive of windows xp pro, so it’s clean. I am getting false positives on what seems to be windows system 32 .dll files from the emulated mbam on the puplet, approximately 146 of them. I am just trying to get this to work so I can use it in the field. I do not have infection myself. If I did it would be fixed instantly. I’m running it to get you a log file on these settings: wine config drive d: = /mnt/sda1, mbam scan = full scan, wine drive d: /mnt/sda1. Scan takes long time, massive drive. If too large, log will do segments.

  13. Alex says:

    Yeah, I got a little anxious and left all three checked, C: D: and Z: where Z: appears to contain my sda2, as I now see it’s scanning that whole directory now.

  14. tdurbin says:

    I skip the wine drive (C:) scan altogether. Although, I believe Malwarebytes’ sees this drive as the primary and runs a quick scan anyway. So you will still have false positives on your list. We’re only really concerned with the Windows drive findings though.
    As far as the registry goes, the quickscan of the wine drive includes the wine registry. I believe a Windows registry scan would involve loading the hives previous to the scan, on that note, I’m not sure if Malwarebytes’ would even acknowledge the hives. Don’t quote me on that as I may be dead wrong. Typically the scan is enough to get back to Windows and finish the disinfecting via a full Windows based Malwarebytes’ scan.
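Added example (not part of the original comments): a shell script for the triage described in the comment above, separating findings inside Wine's own prefix from findings on the mounted Windows partition. It resolves drive letters through the prefix's dosdevices symlinks; the function names, the two-column findings format, Trojan.Example and sample.dll are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: sort scanner findings by where the
# reported Wine path really lives on the Linux side.

# wine_to_host PREFIX WINPATH -> host path; status 1 if the letter is unmapped.
# Drive letters are symlinks in PREFIX/dosdevices (c: -> ../drive_c, d: -> mount).
wine_to_host() {
    letter=$(printf '%s' "${2%%:*}" | tr 'A-Z' 'a-z')
    link="$1/dosdevices/$letter:"
    [ -L "$link" ] || return 1
    root=$(readlink -f "$link") || return 1
    if [ "$root" = / ]; then root=; fi
    # Accept both C:\dir\file and C:/dir/file spellings.
    rest=$(printf '%s' "${2#*:}" | tr '\\' '/')
    printf '%s/%s\n' "$root" "${rest#/}"
}

# classify_findings PREFIX WINDOWS_MOUNT < findings
# Each input line: "<detection> <wine path>" (log format assumed for this example).
classify_findings() {
    prefix_abs=$(readlink -f "$1") || return 1
    win_abs=$(readlink -f "$2") || return 1
    while read -r detection winpath; do
        [ -n "$winpath" ] || continue
        if host=$(wine_to_host "$1" "$winpath"); then
            case $host in
                "$prefix_abs"/*) class=wine-prefix ;;     # Wine's own files
                "$win_abs"/*)    class=windows-volume ;;  # the install being repaired
                *)               class=other-host-path ;; # e.g. Z: on the live system
            esac
        else
            class=unmapped
        fi
        printf '%s\t%s\t%s\n' "$class" "$detection" "$winpath"
    done
}

# demo: builds a throwaway prefix layout and classifies four constructed findings.
demo() {
    t=$(readlink -f "$(mktemp -d)") || return 1
    mkdir -p "$t/wine/dosdevices" "$t/wine/drive_c" "$t/mnt/sda1"
    ln -s ../drive_c "$t/wine/dosdevices/c:"
    ln -s "$t/mnt/sda1" "$t/wine/dosdevices/d:"
    ln -s / "$t/wine/dosdevices/z:"
    classify_findings "$t/wine" "$t/mnt/sda1" <<EOF
Trojan.Vundo.H C:\\windows\\system32\\setupapi.dll
Trojan.Example D:\\WINDOWS\\system32\\sample.dll
Trojan.Vundo.H Z:$t/wine/drive_c/windows/system32/advpack.dll
Trojan.Example E:\\stray.dll
EOF
    rm -rf "$t"
}

demo
```

For a real run, pass the Wine prefix (for example ~/.wine) and the mounted partition (for example /mnt/sda1) to classify_findings. Matching on the host side is case-sensitive, so a Z: path that points into the prefix is only recognised when it uses the on-disk case.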

  15. Alex says:

    OK here is another question, Do you really need to scan the “c:” drive as this is just a fake drive created for wine, correct? So would skipping that drive eliminate the false positives? or does the “c:” drive link to the real windows registry files? This is assuming I used your instructions and did not port the real ones into wine.

  16. tdurbin says:

    Yes, I have noticed that many of the files housed under wine are claiming to be infected. This is nothing to worry about though, as they are false-positives and will not harm your Windows install. …Keep the questions coming, I rather enjoy sharing what I can.

  17. Alex says:

    In 4 minutes, it seems to have found 146 objects infected, Am I correct in guessing that if it was not reading the windows drive, it would find nothing, as there should be no malware on the live cd, correct? I’m sorry for punishing you with these perpetual questions.

  18. Alex says:

    I tried to mount it via terminal with ln -s /mnt/sda2 d: It seems like that may have worked, but I have been fooled in the past.

  19. tdurbin says:

    No problem. It seems, most likely, to be an issue with the wine configuration. Try this:
    Connect to the Internet: Menu -> Setup -> Network Wizard
    Open a terminal: Menu -> Utility -> Terminal
    and run the following:
    rm -Rf ~/.wine; winetricks vb6run vcrun6 native_oleaut32
    Follow the prompts for the (2) installations; repeat the wine partition mount (hopefully with success) and let me know if the matter needs more attention.

  20. Alex says:

    Thanks for the reply, and the understanding nature. I made a slight mistake as it is sda2. Yes, I can open it from the desktop, I seem to be able to browse it. I don’t know how to mount it to wine (I think this is where my problem is). I go to Wineconfig, and when I click on the drives tab, I get failed to connect to the mount manager.

  21. tdurbin says:

    No worries on the post as I will combine the two in the correct location.

    Wine should not start automatically, the killall -9 method is only necessary to rid the system of any defunct wine processes, so I am not surprised by the results. What happens when you double-click hda2 from the desktop? Does the partition mount successfully? If so, can you browse through the directories? If yes, do you receive any error messages when adding the partition to wine?

  22. Alex says:

    It appears my last post went into the wrong page, so forgive me if this is a double post.

    I also have the inability to mnt hda2, it also seems that wineserver is not a process that is running

    With this, “typing ps awux |grep wine to verify the running processes” I get some output…., with this “killall -9 wineserver to kill off the entire process tree.” I get no process killed.

    I am using the sligh version of your live disc

  23. Usul says:

    @tdurbin

    Sorry, I’m so late getting back with my reply.
    After running a full scan and clean with Malwarebytes in Linux again, I tried loading up windows and doing a scan in there. It found some, but whatever was there wasn’t close to the same amount that it found when running in Linux. It seemed to have helped at least. Sadly I have already reformatted this computer just to make sure there was nothing else hanging on in there so I can’t post a log. If I run across the same issue again, I’ll be sure to keep a log and let you know.

    Thanks for the help and the great puppy distro :)

  24. tdurbin says:

    Marc, anytime… I can’t express the joy I get contributing my efforts to the open source revolution. Regarding your issue: it’s possible that wineserver is running in the background, possibly hung. You can try opening a Terminal and typing ps awux |grep wine to verify the running processes, and killall -9 wineserver to kill off the entire process tree. Then try again to add the drive letter via winecfg.

  25. Marc says:

    Thanks for your help! I switch to Puppy 43 NOP and all works as advertised. One more question. When mounting the drive using Wine Config I get an error that says “Failed to connect to the Mount Manager, The drive configuration cannot be edited.” Did I miss something?

  26. tdurbin says:

    Marc, No problem, glad to hear you found it useful. I am not positive as we use the NOP (Nearly Office Pup) to build and work with. What version of wine are you using? We utilize wine 1.1.35 and winetricks to install vb6run, vcrun6, and native_oleaut32 previous to the install. Feel free to post your mbam installation output and we can try to deduce the issue(s).
    If you believe that the install went without issue you can try using the command line to run malwarebytes’ by typing in wine "/root/.wine/Program Files/Malwarebytes' Anti-Malware/mbam.exe".

  27. Marc says:

    Thanks for your help on this. I’ve been trying to figure out how to run MBAM from Puppy for about six months now. All went well following your instructions; however, after installation I don’t have a Menu\Other option in my distro. It is Puppy 4.3.1. Can you help?

  28. tdurbin says:

    Usul, that does sound odd, by chance would you mind posting your Malwarebytes’ log file?

  29. Usul says:

    I don’t think this is working right. I am trying this on a computer and everything seems fine. I can download, install and run Malwarebytes just fine. When it shows me the results of infections it found 146 the first time. I told it to clean the infections and just like normal it said it cleaned some and others will be cleaned on a reboot. The only problem is that it seems like it isn’t actually deleting or quarantining the files. I tried a reboot without saving the puppy settings and then loaded back in to puppy to run another scan. After I get everything set up again and run another scan I get the exact same number and files of infections.

    Does anyone have any ideas on why it’s not getting rid of the files? Thanks for the help.

  30. tdurbin says:

    Nils, Glad to hear the good news and thank you for the feedback.

    Ted

  31. Nils Hokansson says:

    tdurbin, I used the download you suggested (the one with wine installed), followed your instructions and got MalwareBytes to run. All is now well.

    Thanks.

    Nils Hokansson

  32. tdurbin says:

    Janina, Try this. Click on Menu -> Network -> Roaring Penguin PPPOE, in the new window click on SETUP and a terminal input window will appear requesting your user name, interface (you can most likely take the defaults), connection (demand or permanent, keep the default here), DNS information (I believe your DNS servers are 1st: 203.115.130.72, 2nd: 203.115.130.74), your password, firewalling (choose 0 – NONE for temporary use), accept the settings by typing “y”. Back at the GUI click on START. Good luck.

  33. janina says:

    I’m having trouble connecting through the internet. I use a PPOE or DSL connection. I already entered the username and the IP address but I can’t enter my password? Please help.

  34. janina says:

    I connect through the internet using a PPOE or through DSL with username and password. How do I configure internet connection through linux?

  35. tdurbin says:

    Absolutely, we are here to help. Welcome to the Linux revolution, by the way… everyone has to start out somewhere. Good luck, and keep us posted.

    Cheers,
    Ted

  36. Nils Hokansson says:

    First, thanks for your very prompt and complete response. You are indeed correct. I downloaded Puppy from the main Puppy site and not the one you link to in your article. I tried to find out how to install wine in the distro I got, as I suspected wine was absent from it, but did not find it to be a trivial task, especially since I am a newbie with Linux. It will be a lot easier with it already in the ISO.

    Nils Hokansson

  37. tdurbin says:

    I assume that you are using a puppy distro other than that which is located under the Downloads section (puppy-431-NOP_wine-1.1.35.iso). I highly recommend using our ISO as there were customizations made to Wine, which I could post if you’re interested in building your own. Most Puppy distros (Puplets) do not come with Wine pre-installed, and some are tougher to get Wine functioning than others. As well, this is probably irrelevant for the task at hand, but from your comment, it looks like there is a missing space between wine and ~/mbam-setup.exe (e.g. wine ~/mbam-setup.exe), that would display the error you are receiving. You can verify that Wine is installed by typing wine --help in the terminal; you should see output similar to: “Usage: wine PROGRAM [ARGUMENTS...]” if you have a working application.

  38. Nils Hokansson says:

    I have a machine that will not boot, so I find your post very interesting; however, I am having trouble getting MalwareBytes installed and running. I am using Puppy Linux v4.3.1, which loads fine. I downloaded the MalwareBytes set up application and put it in the root folder. Then I tried to execute it with wine. I clicked on Menu, Utility, but did not find Terminal. Instead I found Rxvt Terminal Emulator, which I opened. I was presented with a number sign and typed wine~/mbam-setup.exe per your instructions. The response was: bash: wine~/mbam-setup.exe: No such file or directory. I tried it with a space after wine and got: Bash: wine: command not found.

    I am really stuck with a dead machine, so any help you can provide will be greatly appreciated.

    Nils Hokansson
