1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Strange e-mule behavior after bagle worm

Discussion in 'Virus & Other Malware Removal' started by Guy_tech, Jul 17, 2007.

Thread Status:
Not open for further replies.
  1. Guy_tech

    Guy_tech Thread Starter

    Joined:
    May 25, 2007
    Messages:
    32
    Hi,

    I downloaded a nasty file on e-mule that BitDefender detected as worm.bagle.ZIU. Apparently BD blocked the worm but I noticed that the temporary download file was still in e-mule's \temp folder. I couldn't remove it so I went into Safe Mode and deleted the folder. Funny thing is that now when I start e-mule, uploading starts before I connect to a server. Does anyone have a clue how I can solve this ? Is there something wrong with e-mule ?

    My HJT logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 02:12:19, on 17/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\SnoopFreeSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
    C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe
    C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
    C:\WINDOWS\SnoopFreeUI.exe
    C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe
    C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\Messenger\msmsgs.exe
    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Arquivos de programas\Mozilla Firefox\firefox.exe
    C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Sala\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
     
  2. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Soryy. We can't help with any problems related to illegal P2P applications.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/596758

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice