[Calipepe]

Sometimes I am a little too trusting! With my Norton 2005 Antivirus updated and enabled, I opened what looked to be a jpeg file. Legs.f5434.exe is its name to be exact, or A.K.A Worm.Bagle.br. This e-mail was sent on 6-27 at 1:49pm from [email protected]. My brother is an IS guy, and he checked his work logs and they had gotten it at the same time. Ewido rocks! I ran Ad-aware and Spybot, and my Norton Anti-Virus, and Norton said it was clean. Rundll is now having a fit loading the WildTangent game file, and Norton was kicking out an error that said it had a problem with the Integrator. Any thoughts? Thank You. Here is my Ewido report:

-------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:50:20 AM, 6/30/2005
+ Report-Checksum: 13A88CBB

+ Date of database: 6/30/2005
+ Version of scan engine: v3.0

+ Duration: 48 min
+ Scanned Files: 158136
+ Speed: 54.23 Files/Second
+ Infected files: 36
+ Removed files: 36
+ Files put in quarantine: 36
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Administrator.YOUR-041D0AB995\Cookies\administrator@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-041D0AB995\Cookies\administrator@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-041D0AB995\Cookies\administrator@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-041D0AB995\Cookies\administrator@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-041D0AB995\Cookies\administrator@spylog[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for Legs.zip\f5434.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1\A0000168.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1\A0000174.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1\A0000180.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP1\A0001180.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP2\A0002254.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP2\A0002286.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP2\A0002677.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0002812.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP3\A0003809.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP4\A0003821.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP4\A0003829.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP4\A0005872.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP4\A0006303.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP4\A0006392.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP5\A0006749.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP5\A0007776.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP5\A0008777.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP5\A0009811.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP6\A0009829.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP6\A0010829.exe -> Worm.Bagle.br -> Cleaned with backup
C:\System Volume

[Advertisements]

Hi Calipepe

Could you please do a HijackThis log as explained here http://www.geekstogo...?showtopic=2852 The instructions for using HijackThis are towards the end of the topic.

This will help us see what is happening on your computer so we can help.

[ilago]

Hi Calipepe

Could you please do a HijackThis log as explained here http://www.geekstogo...?showtopic=2852 The instructions for using HijackThis are towards the end of the topic.

This will help us see what is happening on your computer so we can help.