BleepingComputer.com: Mdelk.exe / Worm_bagle.ko

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Mdelk.exe / Worm_bagle.ko How to remove this any help pls?

#1 User is offline   duhhan 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 26-February 08

Posted 26 February 2008 - 08:18 PM

I had norton anti-virus software installed on my computer, i was sending some emails and disabled it for a while, this was my biggest regret after my friend send me a program to send mails, and when i click on this file it says "select a file to crack" and nothing happens, after this my anti-virus program was not working anymore and i couldn't install any anti-virus program at all! I also can't start my computer in safe mode, when I select to start it in safe mode, after 10 seconds from loading the files on the screen it simply reboots.

So My only chance was an online webscanner (trendmico housecall), that did found the following:

Worm_Bagle.ko (c:\windows\system32\mdelk.exe) was infected
troj_generic
troj_proxydis.A
win32\dnet trzdnet.drop trojan.win32.disntnet6656
(c:\windows\system32\iosdt\iosdt.com) (was infected)

most were cleared BUT the mdelk.exe still can't be removed! it keeps installing itself. I managed to remove it for a while with the AD-AWARE since it gave me the option to remove it after reboot. But immediately after it was removed and the windows xp media centre started again, a window saying "select file to crack" was loaded again, then i relised from where the infection came from and deleted this program (as described earlier in the beginning of the problem)

until now i have these two files that contain mdelk:

C:\Windows\Prefetch\MDELK.EXE-0EF461CE.pf
C:\Windows\System32\mdelk.exe (the icon of the mdelk.exe file is like a bunch of 3 keys)

Can anyone please help me on how to kill this process from being born again?

thankyou

This post has been edited by duhhan: 26 February 2008 - 08:30 PM

#2 User is offline   Orange Blossom 

  • OBleepin Investigator
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 29,810
  • Joined: 14-July 06
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 28 February 2008 - 05:26 PM

Hello duhhan and welcome to BC :flowers:

Can you tell us the name of the "program" your friend sent you?

What is your operating system: Windows XP, Vista, etc.?

Do you have any other security programs installed?

If so, what are they?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users