Re: Found an unknown keylogger/ spyware named "MrvGINA.dll"



Answered part of my question on another site. Here is what I found:

I had the same problem ... My Netgear WG511 v.2 was acting up on XP.
Updating the driver and connection utility seemed to be working great... then
I realized it had disabled the Windows XP welcome screen and fast user
switching. This was because of the mrvgina.dll.
I have found an answer and it worked on my PC... however, it involves editing
the registry, so it would probably be good to have a back-out plan (just in
case... i.e. do so at your own risk).

After installing the new Netgear driver/utility, go to Start --> Run and type
regedit.

When the registry editor opens, browse to
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/Current Version/WINLOGON
Delete the key named GINAdll

That's it... afterward you may want to go back into the control panel and
check the 'change the way users log on or off' and make sure the welcome
screen and fast user switching are both checked.


"EvilG" wrote:

Okay, what is a GINA? In my depraved mind, figuring it was a program written
by a 13YO hacker, I thought it was a play on Mr V (part of the female anatomy).
I did recently install a Netgear wireless G card. It must have changed the
security setup on my computer. Am I now safer or less safe from internet
attacks? How can I modify my settings so I no longer power up into an
administrator setting, and instead just into my personal account w/o having
to sign in with a password? Or at least into my personal account w/ a password if
it is much safer?

Thanks.

"S. Pidgorny <MVP>" wrote:

It may not be spyware but a result of installation of something - spyware
wouldn't call itself, or implement itself, as a GINA. A quick search for
mrvgina.dll reveals that this is likely a Netgear installation component,
problems with it, and the ways to remove it.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"EvilG" <EvilG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D7D5D78-ECEE-4B24-BC48-45586FA647D4@xxxxxxxxxxxxxxxx
Anyone heard of this? Found it while trying to correct my computer starting
in "Administrator" user mode, as opposed to my normal user profile. A log-in
window appears, which I believe is created by the spyware to try and phish
passwords.
When I tried to change the settings, a warning appeared stating "Windows Security
and Fast User turned off. Uninstall program to correct. Finding MrvGINA.dll
may help determine the responsible program".
MrvGINA.dll is in the system32 folder.

Neither Spybot Search & Destroy nor Norton Internet Security has identified
the file, leading me to believe it is a new spyware/malware.
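
An added example, not part of the original thread: a PowerShell check of the Winlogon GINA registration discussed above. It reports the registered DLL's vendor and signature so it can be attributed to an installed product, and exports the key as a back-out plan before optionally removing the value. It assumes an elevated prompt on a system with PowerShell installed; the script name, the `-Remove` switch and the backup file name are hypothetical.

```powershell
# Audit-GinaDll.ps1 (hypothetical name): inspect a custom GINA before removing it.
param(
    [switch]$Remove,   # delete the value only when explicitly requested
    [string]$BackupFile = "$env:TEMP\winlogon-$(Get-Date -Format yyyyMMdd-HHmmss).reg"
)

$psKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$name  = 'GinaDLL'

$prop = Get-ItemProperty -Path $psKey -Name $name -ErrorAction SilentlyContinue
if (-not $prop) {
    Write-Output "No $name value: Winlogon is using the default msgina.dll."
    return
}

# The value may be a bare file name (loaded from System32) or a full path.
$dll = $prop.$name
if (-not [System.IO.Path]::IsPathRooted($dll)) {
    $dll = Join-Path (Join-Path $env:SystemRoot 'System32') $dll
}
Write-Output "Custom GINA registered: $dll"

if (Test-Path $dll) {
    # Vendor metadata and signature help attribute the DLL to an installed product.
    # An unsigned file is not proof of malware; attribution then needs other evidence.
    $info = (Get-Item $dll).VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $dll
    Write-Output ("  Company    : {0}" -f $info.CompanyName)
    Write-Output ("  Description: {0}" -f $info.FileDescription)
    Write-Output ("  Signature  : {0}" -f $sig.Status)
    if ($sig.SignerCertificate) {
        Write-Output ("  Signer     : {0}" -f $sig.SignerCertificate.Subject)
    }
} else {
    Write-Output "  File not found: the value points at a missing DLL."
}

if ($Remove) {
    # Back-out plan first: export the whole Winlogon key, and stop if that fails.
    & reg.exe export $psKey.Replace('HKLM:', 'HKLM') $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry export failed; nothing was changed." }
    Remove-ItemProperty -Path $psKey -Name $name
    Write-Output "Removed $name. Backup: $BackupFile. Restart for Winlogon to load msgina.dll."
}
```

Run it without `-Remove` first to see what is registered; the exported `.reg` file can be re-imported to restore the previous state.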


