
Infection mdelk.exe and bagle [RESOLVED]


  • This topic is locked

#31
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
srosa

[Exclude]

[Options]
Filter=KVDLUI



  • Open the Regsearch folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.
Go to Start -> Run, copy and paste the following command and click OK:

CMD /C Dir /a:-d "C:\Documents and Settings\user" >"%userprofile%\Desktop\Getit.txt"

It shall produce a text file on your desktop, Getit.txt. Open this file in Notepad and post its contents.
  • 0



#32
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type A to create a System Report
  • Please be patient as this scan may take some time
  • When the scan has finished post back the SystemReport.txt from the SDFix folder

  • 0

#33
Karol33

Karol33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Regsearch results have been uploaded and Getit.txt also.

The system report is too big to upload, will try to post it in the reply.

Attached Files


Edited by Karol33, 02 March 2008 - 07:44 PM.

  • 0

#34
Karol33

Karol33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Can you give me a site to upload the system report?

Edited by Karol33, 02 March 2008 - 07:45 PM.

  • 0

#35
Karol33

Karol33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Can you give me a site to upload the system report?

Edited by Karol33, 02 March 2008 - 07:45 PM.

  • 0

#36
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "To JSntgRvr"
  • Put a link to this thread in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:

    • System report
  • Click Open.
  • Click Post.

  • 0

#37
Karol33

Karol33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Done.
  • 0

#38
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
There is a lot of information to examine. Will get back to you soon.
  • 0

#39
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
Download the enclosed folder. Save and extract its contents to the desktop. It is important that it is saved on your desktop. It is an application, Mypoppy.exe. Once extracted, double-click on Mypoppy.exe. It shall produce a report for you. Be patient, it may also restart the computer. Once finished, please post its report in a reply.
  • 0

#40
Karol33

Karol33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Same as before, I only get a blue window and a white pulsing line.
  • 0



#41
Karol33

Karol33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
OK, I have another problem. I got a call from my internet provider today, Time Warner, and they said that my PC is sending out Spam/Junk Mail and they said if I don't get rid of it soon they will suspend my internet connection. Can you help me with this, because I don't know what to do? Is bagle sending it or something else that came with it?

Edited by Karol33, 03 March 2008 - 05:58 PM.

  • 0

#42
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
There is a major infection in that computer.

Download the enclosed folder. Save and extract its contents in your C:\ folder. It is important that you save this folder in the C:\ folder. Once extracted, open the BagleFix folder and double click on the Fixme.bat file. The computer will restart. After the restart is completed, please run the following command (Start -> Run, copy and paste -> Click OK):

"%userprofile%\desktop\MyPoppy.exe" /killall

If still receiving the same error, then please remove your Antivirus program and download and run this file:

http://files.avast.c...eta/aswbeta.exe

It will download the latest BETA version of AVAST Antivirus. Run the Scan and let me know the outcome.
  • 0

#43
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
Before downloading and installing aswbeta.exe, download the free edition:

http://www.avast.com..._protectio.html

Don't know if this BETA update will work on the Free Edition.
  • 0

#44
Karol33

Karol33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Did what you said. The combofix thing worked it ran and deleted a lot of files, but it didn't produce a log, it said that it was preparing a log but nothing happened after a while. I ran the AVAST free edition got 17 infections of bagle and I deleted all of them.

Some odd things happened but it's nothing probably, my time changed to military.

I got a catchmelog I will copy it here. Most of my apps came back online also.

file zipped: C:\Windows\system32\drivers\srosa.sys -> catchme.zip -> srosa.sys ( 124890 bytes )
PE file "C:\Windows\system32\drivers\srosa.sys" killed successfully
file zipped: C:\Windows\system32\drivers\srosa.sys -> catchme.zip -> srosa.sys.1 ( 124890 bytes )
file "C:\Windows\system32\drivers\srosa.sys" deleted successfully
  • 0
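
An added example, not part of the original thread or of any tool mentioned in it: a small Python parser for the catchme log lines quoted in the post above, checking that every file the tool archived was also reported deleted. The line formats are inferred from the four lines in the post, and the `example.dll` line is constructed for illustration.

```python
import re
from collections import defaultdict

# The first four lines are the catchme log quoted in the post. The last line
# is constructed for this example: a file that was archived but never removed.
SAMPLE_LOG = r"""
file zipped: C:\Windows\system32\drivers\srosa.sys -> catchme.zip -> srosa.sys ( 124890 bytes )
PE file "C:\Windows\system32\drivers\srosa.sys" killed successfully
file zipped: C:\Windows\system32\drivers\srosa.sys -> catchme.zip -> srosa.sys.1 ( 124890 bytes )
file "C:\Windows\system32\drivers\srosa.sys" deleted successfully
file zipped: C:\Windows\system32\example.dll -> catchme.zip -> example.dll ( 2048 bytes )
"""

# Formats inferred from the lines in the post (an assumption, not a documented spec).
ZIPPED = re.compile(
    r'^file zipped: (?P<path>.+?) -> (?P<zip>\S+) -> (?P<entry>\S+) \( (?P<size>\d+) bytes \)$')
ACTION = re.compile(
    r'^(?:PE )?file "(?P<path>[^"]+)" (?P<verb>killed|deleted) successfully$')


def summarize(log_text):
    """Map each path (lowercased, Windows paths are case-insensitive) to its state."""
    files = defaultdict(lambda: {"archived": [], "killed": False, "deleted": False})
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ZIPPED.match(line)
        if m:
            # Record the quarantine copy: archive entry name and size in bytes.
            files[m["path"].lower()]["archived"].append((m["entry"], int(m["size"])))
            continue
        m = ACTION.match(line)
        if m:
            files[m["path"].lower()][m["verb"]] = True
    return dict(files)


def unresolved(summary):
    """Paths that were archived but have no 'deleted successfully' line."""
    return sorted(p for p, s in summary.items() if s["archived"] and not s["deleted"])


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for path, state in report.items():
        print(path, state)
    print("archived but not reported deleted:", unresolved(report))
```
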

#45
Karol33

Karol33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
After that I ran a deep scan and got some more infections and I deleted them all and no problems so far.
  • 0





