Worm_bagle.ko



#1 i_quilla

Posted 27 February 2008 - 10:38 AM

Hello. Is there anyone to help me out? I have read some posts which are really similar to my problem. But I don't think that there is a shortcut to get rid of this xxx worm. So, my avast stopped yesterday. When I tried to run it, it just didn't. I thought uninstalling and then reinstalling it would solve the problem. And I did so, but unfortunately I couldn't install it at all. I tried ZoneAlarm. It didn't install. The PC keeps telling me in every attempt to install antivirus software: "Could not execute the external program C:\WINDOWS\system32\ZoneLabs\vsmon.exe"

So I tried online virus scans with Trend Micro and Panda. They found worm_bagle.ko.

They found it, but they couldn't clean it. I have been reading posts about this subject all day and it seems the problem is case dependent. I need someone to help me. Please.


#2 Orange Blossom

Posted 28 February 2008 - 10:31 PM

Hello i_quilla and welcome to BC :flowers:

To help us provide you with proper disinfection instructions, please let us know what your operating system is: Windows XP, Vista, etc.

Do you have any other security programs installed?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 i_quilla

Posted 29 February 2008 - 02:41 AM

Hello! Thank you very much in advance! :thumbsup:

My operating system is Windows XP Pro ver 2002 Service Pack 2. I do not have any security programs installed right now, because I can't install them for some reason.

#4 Orange Blossom

Posted 29 February 2008 - 12:23 PM

Hello i_quilla,

Given the fact that you can't install any security programs, I have a couple additional questions. Are you having problems running all programs ending with .exe or just security programs? Do you have problems installing any other programs or just security programs?

Orange Blossom :thumbsup:

#5 i_quilla

Posted 01 March 2008 - 04:21 AM

Hello

I installed eMule and Mozilla right after this problem started. So I can install files with the extension "exe" but not ZoneAlarm, avast etc. And just now I installed Mozilla Sunbird (a calendar program) just to be sure that I can install ".exe" files. Yes, I can. But no antivirus, no security again.

#6 Orange Blossom

Posted 01 March 2008 - 03:33 PM

Hello i_quilla,

Okay that's good to know. I've a trick up my sleeve that I learned from quietman7 that may get us a log to look at. You may wish to print this out or copy these directions to notepad because you will not have internet connection for a part of what you will be doing.

I would like to run SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode. Here's the trick. Before you click on the installation file after you have downloaded it, change the extension to bat. See if that will allow it to install. After it is installed, find the .exe file for the program itself and again change the extension to bat before running it. I have provided the scanning directions below in case you are successful in getting it to install and run. Let us know if you have any problems getting it to install or run and at what stage the problem occurred.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • Reboot into Safe Mode
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • Reboot into Normal Mode
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.

Please post the log in your next reply.

Orange Blossom :thumbsup:

#7 i_quilla

Posted 03 March 2008 - 04:06 AM

Hello Orange Blossom!

You should know how nice, tender and light, the orange blossoms smell. I live in the Mediterranean coast and we got orange and tangerine fields in this region. And here is my report!

I was able to install SUPERAntiSpyware by changing the extension to ".bat". After installing it I found the ".exe" file for the program itself and I again changed the extension to ".bat" before running it.

I ran SUPERAntiSpyware afterwards. It didn't ask me if I wanted to update the program definitions, but I opened the Control Screen and under the Configuration and Preferences tab I clicked the Preferences tab. Clicked the Scanning Control tab. Under Scanning Options I checked the following (leaving all the others unchecked):

1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining

Then I closed the control center.

After that I tried to reboot into Safe Mode. I restarted Windows, and while it was starting I pressed F8 a couple of times. The Windows XP Advanced Options menu presented itself. I chose Safe Mode using the arrow keys and pressed Enter. It tried but couldn't boot in Safe Mode. A screen appeared again asking me how I would like to boot; I chose Safe Mode again, it couldn't start in Safe Mode, asked me again, I tried once more to start in Safe Mode, it couldn't do it, and at last I gave up and ordered it to start Windows normally.

Now we are here. I can't make the machine start in Safe Mode. Before taking the rest of the steps you wrote down previously (scanning in Safe Mode) I decided to ask you "do we have to do these in Safe Mode?" and "if so, why do you think my Windows cannot boot in Safe Mode?" and "the next step(s)?"...

Best wishes.

#8 Orange Blossom

Posted 03 March 2008 - 11:50 AM

Hi i_quilla,

We suggest running scans in safe mode because more malware hiding places are available for scanning there. Since you can't get into safe mode, go ahead and run the scan in Normal Mode and post that log.

I'll have to consult with others to find out what the Safe Mode problem is.

Orange Blossom :thumbsup:

p.s. Are the oranges and tangerines blooming right now? That must smell heavenly.

#9 i_quilla

Posted 04 March 2008 - 04:01 AM

Hellooo!

The oranges start blooming in fall here, suppose in the whole northern hemisphere. Now it is time of apricot and almond flowers...

This is my scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/04/2008 at 10:49 AM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 00:43:40

Memory items scanned : 310
Memory threats detected : 0
Registry items scanned : 5258
Registry threats detected : 0
File items scanned : 77347
File threats detected : 66

Adware.Tracking Cookie

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\TOLGA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\1SOVDPWT\B64_2[1].JPG
C:\DOCUMENTS AND SETTINGS\TOLGA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\1SOVDPWT\B64_2[2].JPG
C:\DOCUMENTS AND SETTINGS\TOLGA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\RVDV31GW\B64_2[1].JPG
C:\DOCUMENTS AND SETTINGS\TOLGA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WJ336S1L\B64_2[1].JPG


Take care, thanks for helping me. Is there anything you would like to get from around here, from Turkey?

#10 quietman7

Posted 04 March 2008 - 09:54 AM

Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot into safe mode.

If you're using Windows XP, go to Start > Run and type: regedit
  • Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to File > Export
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click save and then go to File > Exit.
Download SafeBootKeyRepair.exe by sUBs and save to your desktop.
  • Double-click on it and follow the instructions.
  • When finished, reboot and see if you can access safe mode.
Download Sysclean Package and the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number).
  • Be sure to print out and follow the instructions provided in the How to Use System Cleaner for performing a scan.
  • This tool generates a log file (sysclean.log) in the same folder where the scan is completed - C:\Sysclean.
  • When using Sysclean it's best to use the Administrator's account or an account with Administrative rights, otherwise you will not have access rights to scan some locations. You can also Use the "Run As" Command to Start a Program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
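
A read-only check for the condition described in the post above, added here as an example and not part of the original reply: it parses a regedit export such as the RegBackup file from the steps above and reports control sets where SafeBoot\Minimal or SafeBoot\Network is missing or empty. The sample export is constructed, and the function names are this example's own.

```python
import re

# Keys under HKLM\SYSTEM\<control set>\Control, for CurrentControlSet or ControlSetNNN.
CONTROL_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})"
    r"\\Control(?:\\(.*))?$",
    re.IGNORECASE,
)
REQUIRED_MODES = ("Minimal", "Network")

# Constructed sample in .reg export format (not taken from the thread).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
"""


def decode_reg_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def safeboot_report(reg_text: str) -> dict:
    """Map each control set seen to {mode: number of entries directly under it}."""
    report = {}
    for line in reg_text.splitlines():
        line = line.strip()
        if not (line.startswith("[") and line.endswith("]")):
            continue  # value lines, blank lines, the version header
        m = CONTROL_RE.match(line[1:-1])
        if not m:
            continue
        modes = report.setdefault(m.group(1), {})
        parts = m.group(2).split("\\") if m.group(2) else []
        if len(parts) < 2 or parts[0].lower() != "safeboot":
            continue  # some other Control key, or the SafeBoot key itself
        mode = parts[1].capitalize()
        modes.setdefault(mode, 0)
        if len(parts) == 3:
            modes[mode] += 1  # one driver/service/class entry for this mode
    return report


def safeboot_findings(reg_text: str) -> list:
    """List control sets whose safe-mode keys are missing or empty."""
    report = safeboot_report(reg_text)
    if not report:
        return ["no control set found in export"]
    findings = []
    for control_set, modes in sorted(report.items()):
        for mode in REQUIRED_MODES:
            if mode not in modes:
                findings.append(f"{control_set}: SafeBoot\\{mode} is missing")
            elif modes[mode] == 0:
                findings.append(f"{control_set}: SafeBoot\\{mode} has no entries")
    return findings


if __name__ == "__main__":
    for finding in safeboot_findings(SAMPLE_EXPORT) or ["SafeBoot keys present"]:
        print(finding)
```

To check a real export, read the file as bytes and pass it through `decode_reg_export` first. The check only reports presence and entry counts; it does not restore anything.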


#11 i_quilla

Posted 06 March 2008 - 05:11 AM

Hello

I think we were able to delete worm.bagle

Here is my sysclean log if you would like to take a look at it, and may I ask which anti-virus program you suggest I install...




/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2008-03-06, 10:55:02, Auto-clean mode specified.
2008-03-06, 10:55:02, Running scanner "C:\Temp\TSC.BIN"...
2008-03-06, 10:58:25, Scanner "C:\Temp\TSC.BIN" has finished running.
2008-03-06, 10:58:25, TSC Log:

2008-03-06, 10:59:31, An error was detected on "C:\System Volume Information\*.*": Erişim engellendi.
2008-03-06, 11:00:32, An error was detected on "D:\System Volume Information\*.*": Erişim engellendi.
2008-03-06, 11:50:22, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2008 11:00:32
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 139 (245945 Patterns) (2008/03/05) (513900)
Command Line: C:\Temp\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Temp

C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\1SOVDPWT\b64_31[2].jpg [WORM_BAGLE.MY]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[2].jpg [WORM_BAGLE.KO]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[3].jpg [WORM_BAGLE.KO]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[5].jpg [WORM_BAGLE.MY]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[6].jpg [WORM_BAGLE.MY]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[7].jpg [WORM_BAGLE.MY]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\RVDV31GW\b64_31[1].jpg [WORM_BAGLE.KO]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\RVDV31GW\b64_31[2].jpg [WORM_BAGLE.MY]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\RVDV31GW\b64_31[3].jpg [WORM_BAGLE.KO]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\RVDV31GW\b64_31[4].jpg [WORM_BAGLE.MY]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\WJ336S1L\b64_2[2].jpg [WORM_BAGLE.JT]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\WJ336S1L\b64_31[1].jpg [WORM_BAGLE.MY]
C:\WINDOWS\system32\mdelk.exe [WORM_BAGLE.MY]
57533 files have been read.
57533 files have been checked.
46423 files have been scanned.
77887 files have been scanned. (including files in archived)
13 files containing viruses.
Found 13 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2008 11:50:22
---------*---------*---------*---------*---------*---------*---------*---------*
2008-03-06, 11:50:22, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2008 11:00:32
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 139 (245945 Patterns) (2008/03/05) (513900)
Command Line: C:\Temp\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Temp

Success Clean [ WORM_BAGLE.MY]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\1SOVDPWT\b64_31[2].jpg
Success Clean [ WORM_BAGLE.KO]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[2].jpg
Success Clean [ WORM_BAGLE.KO]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[3].jpg
Success Clean [ WORM_BAGLE.MY]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[5].jpg
Success Clean [ WORM_BAGLE.MY]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[6].jpg
Success Clean [ WORM_BAGLE.MY]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[7].jpg
Success Clean [ WORM_BAGLE.KO]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\RVDV31GW\b64_31[1].jpg
Success Clean [ WORM_BAGLE.MY]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\RVDV31GW\b64_31[2].jpg
Success Clean [ WORM_BAGLE.KO]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\RVDV31GW\b64_31[3].jpg
Success Clean [ WORM_BAGLE.MY]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\RVDV31GW\b64_31[4].jpg
Success Clean [ WORM_BAGLE.JT]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\WJ336S1L\b64_2[2].jpg
Success Clean [ WORM_BAGLE.MY]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\WJ336S1L\b64_31[1].jpg
57533 files have been read.
57533 files have been checked.
46423 files have been scanned.
77887 files have been scanned. (including files in archived)
13 files containing viruses.
Found 13 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2008 11:50:22 49 minutes 48 seconds (2988.18 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-03-06, 11:50:22, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2008 11:00:32
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 139 (245945 Patterns) (2008/03/05) (513900)
Command Line: C:\Temp\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Temp

57533 files have been read.
57533 files have been checked.
46423 files have been scanned.
77887 files have been scanned. (including files in archived)
13 files containing viruses.
Found 13 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2008 11:50:22 49 minutes 48 seconds (2988.18 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-03-06, 11:50:22, Scanner "C:\Temp\VSCANTM.BIN" has finished running.
2008-03-06, 11:58:12, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2008 11:50:22
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 139 (245945 Patterns) (2008/03/05) (513900)
Command Line: C:\Temp\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Temp

21886 files have been read.
21886 files have been checked.
21573 files have been scanned.
21717 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2008 11:58:12
---------*---------*---------*---------*---------*---------*---------*---------*
2008-03-06, 11:58:12, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2008 11:50:22
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 139 (245945 Patterns) (2008/03/05) (513900)
Command Line: C:\Temp\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Temp

21886 files have been read.
21886 files have been checked.
21573 files have been scanned.
21717 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2008 11:58:12 7 minutes 48 seconds (468.36 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-03-06, 11:58:12, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2008 11:50:22
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 139 (245945 Patterns) (2008/03/05) (513900)
Command Line: C:\Temp\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Temp

21886 files have been read.
21886 files have been checked.
21573 files have been scanned.
21717 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2008 11:58:12 7 minutes 48 seconds (468.36 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2008-03-06, 11:58:12, Scanner "C:\Temp\VSCANTM.BIN" has finished running.

Thank you very much for your help and support. Hope life brings you joy and happiness each day.
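
A way to cross-check a Sysclean log like the one in the post above, added here as an example and not part of the original posts: it pairs every line in a "Files Detected" section with a "Success Clean" line and returns the detections that have no match. The sample is abridged from that log (three of the thirteen detections); the layout of "Clean Fail" entries is not shown on the page, so that section is not parsed.

```python
import re
from collections import Counter

SECTION_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}, (Files Detected|Files Clean|Clean Fail):$"
)
# "<path> [DETECTION_NAME]" as printed under "Files Detected:"
DETECTED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \[(?P<name>[A-Z0-9_.]+)\]$")
# "Success Clean [ NAME]( 1) from <path>" as printed under "Files Clean:"
CLEANED_RE = re.compile(
    r"^Success Clean \[\s*(?P<name>[A-Z0-9_.]+)\]\(\s*\d+\) from (?P<path>[A-Za-z]:\\.+)$"
)

# Sample abridged from the log posted above.
SAMPLE_LOG = r"""2008-03-06, 11:50:22, Files Detected:
Command Line: C:\Temp\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Temp

C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\1SOVDPWT\b64_31[2].jpg [WORM_BAGLE.MY]
C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[2].jpg [WORM_BAGLE.KO]
C:\WINDOWS\system32\mdelk.exe [WORM_BAGLE.MY]
2008-03-06, 11:50:22, Files Clean:

Success Clean [ WORM_BAGLE.MY]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\1SOVDPWT\b64_31[2].jpg
Success Clean [ WORM_BAGLE.KO]( 1) from C:\Documents and Settings\Tolga\Local Settings\Temporary Internet Files\Content.IE5\25B0H8BY\b64_31[2].jpg
2008-03-06, 11:50:22, Clean Fail:

2008-03-06, 11:50:22, Scanner "C:\Temp\VSCANTM.BIN" has finished running.
"""


def parse_sysclean(log_text: str):
    """Return (detected, cleaned): detected maps lowercased path -> (path, name)."""
    detected, cleaned = {}, set()
    section = None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Files Detected":
            m = DETECTED_RE.match(line)
            if m:
                # Windows paths are case-insensitive, so key on the lowercased path.
                detected[m.group("path").lower()] = (m.group("path"), m.group("name"))
        elif section == "Files Clean":
            m = CLEANED_RE.match(line)
            if m:
                cleaned.add(m.group("path").lower())
    return detected, cleaned


def not_cleaned(log_text: str) -> list:
    """Detections with no matching 'Success Clean' line, as (path, name) pairs."""
    detected, cleaned = parse_sysclean(log_text)
    return sorted(item for key, item in detected.items() if key not in cleaned)


def detections_by_name(log_text: str) -> Counter:
    """Count detected files per detection name."""
    detected, _ = parse_sysclean(log_text)
    return Counter(name for _, name in detected.values())


if __name__ == "__main__":
    for path, name in not_cleaned(SAMPLE_LOG):
        print(f"detected but no 'Success Clean' line: {path} [{name}]")
```

Run over the full log in the post above, the only detection without a matching "Success Clean" line is C:\WINDOWS\system32\mdelk.exe.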


#12 quietman7

Posted 06 March 2008 - 09:01 AM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Free Antivirus programs: (choose and install only one)
AVG Anti-Virus Free - AVG Anti-Virus Free User Manual
avast! 4 Home Edition - How to Install, Configure, and Use
AntiVir PersonalEdition Classic (also provides some rootkit detection and removal)

#13 i_quilla

Posted 08 March 2008 - 03:31 AM

You know what? I am at the point where I began. I still cannot install any antivirus. I keep getting this message: "Not a valid Win32 application". I thought at last we were able to delete the worm.bagle files and that was the cause of the problem. What am I gonna do now?

#14 quietman7

Posted 08 March 2008 - 07:19 AM

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe extension to .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com and then double-click to run.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.



