AV, Firewall Disabled. [not a valid Win32] message


3 replies to this topic

#1 Ibn Saeed


Posted 09 January 2009 - 12:44 AM

Hello

I think I opened a zipped file, and after that the computer shut down automatically.

When I restarted the computer, my antivirus and my firewall were disabled. When I tried to run them manually from the Start Menu, it displayed the following message:

D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe is not a valid Win32 application.




D:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe is not a valid Win32 application.



I tried to run Spybot - Search & Destroy, but the program did not open.

I tried running Trend Micro HouseCall Online, but when it was scanning, it displayed a message that certain files are not able to upload.

Then I tried to run HijackThis; it displayed the same message:

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe is not a valid Win32 application.



I tried System Restore; it did not work.

I tried to go into Safe Mode; it did not work.

I really don't know what to do. I am sure that my computer is infected.

I tried to follow the steps at: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

But a message box appeared with:

Format of the file could not be determined


I'm running Windows XP SP3.

Edited by Ibn Saeed, 09 January 2009 - 12:47 AM.



 


#2 Ibn Saeed


Posted 09 January 2009 - 04:13 AM

Just ran Malwarebytes Anti-Malware


Malwarebytes' Anti-Malware 1.32
Database version: 1633
Windows 5.1.2600 Service Pack 3

1/9/2009 1:04:10 PM
mbam-log-2009-01-09 (13-04-10).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 706142
Time elapsed: 1 hour(s), 55 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\IbnSaeed\Application Data\m (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\IbnSaeed\Application Data\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA1300B-354C-4703-ACE1-66C7993F0AA7}\RP412\A0064332.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Documents and Settings\IbnSaeed\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\IbnSaeed\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\IbnSaeed\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\IbnSaeed\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.



#3 Ibn Saeed


Posted 15 January 2009 - 10:05 PM

I formatted my computer and reinstalled Windows since no one helped me here.

#4 boopme



  • Global Moderator

Posted 15 January 2009 - 10:29 PM

Hello, sorry none of our volunteers were able to help you. But I would like you to know that with the Bagle infection, the full wipe and reinstall of the OS is the choice I would have made.