BAGLE.KO Problem-Cleaning Procedure Done

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by alpercan, Feb 28, 2008.

  1. alpercan

    alpercan Private E-2

    Hi all,
Thank you for all this information; you helped very much with my WORM_BAGLE.KO trouble. I read and applied all your instructions.

First I removed the HDD from my laptop and put it in a USB case, but the main partition (C:\) was missing. I scanned the other partition (D:\) with Trojan Remover; nothing found.
    I put the HDD back and tried to boot into Safe Mode, without success, but the system started with the "Directory services mode" option in Safe Mode.
    Trojan Remover found the virus in safe mode.

The system restarted, but ZoneAlarm ("not a Win32 application") and Wireless Network (Wireless Zero Configuration is disabled; I tried to start it from "Services" but no way) don't work either. The system is slow and the internet is very slow.

HouseCall and Kaspersky scanned without finding any threats, but the system is still infected and I am not able to repair it.

I attached the logs; the system was scanned in this order:
    1) Trojan Remover 6.6.7
    2) ComboFix
    3) MGTools
    4) SUPERAntiSpyware

Please help me get my computer back.

    Thanks in advance

    Regards
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi alpercan,
    Welcome to Major Geeks!


Your computer isn't in normal startup mode. Please go to Start / Run, type in msconfig and hit the Enter key. In the window that opens, check Normal Startup and click on Apply and OK. After you switch to normal startup mode, please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.

    Please do not continue starting new threads.


    Thanks.
    abri
     
  3. alpercan

    alpercan Private E-2

I switched to normal startup and reran MGTools;
    the log is attached.
    I also installed the new XP SP3 hoping to fix the problems; it didn't solve anything.
     

    Attached Files:

  4. alpercan

    alpercan Private E-2

I am also getting network attacks from different IPs.
    Kaspersky is blocking these attempts:
    29.02.2008 16:23:12 Intrusion.Win.MSSQL.worm.Helkern 90.230.196.66 UDP 1434
     
  5. abri

    abri MajorGeek

    Hi alpercan,
When you ran GetLogs.bat in the MGTools folder under C:, it didn't produce the runkeys.txt log that we usually get as one of the zipped files. This can happen if you don't allow GetLogs.bat to run all the way to completion. Please run GetLogs.bat again and be sure to wait until you get the message to press any key to close the window and produce the logs. The logs are called MGlogs.zip and can be found directly under C:.

    Attach the new set with your next post. If you are again missing the runkeys.txt log, please note any error messages you get.

    Thanks.
    abri
     
  6. alpercan

    alpercan Private E-2

    Hi again abri,
    I hope this time i did it right :)
    Thank you very much for your time
     

    Attached Files:

  7. abri

    abri MajorGeek

You're getting closer. To begin with, please go to Start / Run, type in msconfig and then hit the Enter key. In the window that opens up, please check Normal Startup, then click on Apply and OK. Your computer will boot up in normal startup mode.

    Then I would like for you to run CCleaner in the default setting with the Windows tab as the one on top. When you first read through the READ & RUN ME, you were asked to install CCleaner and run it according to the instructions. I need for you to do this now.

    Now please run the GetLogs.bat and attach the new set of logs. The logs, called MGlogs.zip can be found directly under C: just above the superman icon.

    Thanks.
    abri
     
  8. alpercan

    alpercan Private E-2

    The latest log attached
     

    Attached Files:

  9. abri

    abri MajorGeek

    Hi alpercan,

    Please do the following:

    1) To begin with, please disable Spybot's TeaTimer. This can be done two ways.
    First:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
• If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    or Second, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
• Then, also in the left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    2) Go to add/remove programs and uninstall the below:

    Messenger Plus! Live
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1


    3) Reboot after uninstalling the above.

    4) Install the current version of Sun Java from: Sun Java Runtime Environment

    5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    6) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [SYSTEM] winmgrd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

    After you click fix, just close hijackthis.

    7) Now run CCleaner at the default setting with the Windows tab as the one on top.

    8) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


Let me know how things are running now.

    abri
     
