Possible Malware infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by yarafie, Dec 1, 2007.

  1. yarafie

    yarafie Private E-2

    I strongly suspect my computer has been infected.

    It stopped my Mcafee Virus product and I cannot reinstall Mcafee. Gives me an error about file protection at mcafee.exe and I know it doesn't exist.
    I can install but not run "spy-bot search and repair" SpybotSD.exe is missing.
    When I try and install AVG it also complains about guard.exe being protected.
    I downloaded the latest Firefox 2.0.0.11 and when trying to install it complains about not being able to unpack. Previous Firefox installers that used to work (2.0.0.8) also exhibit the same problem.
    I have run the Microsoft Malicious Software Removal Tool and it mentions WinNT/Bagle.gen partially removed; however, when I reboot and re-run it, it says exactly the same.
    I have run the microsoft online live free scanner and cleaned up a lot of stuff.
    I have run ccleaner and cleaned up stuff.
    I have restore currently disabled.
    I cannot boot up in safe mode - computer hangs with Blue Screen last loading sptd.sys as far as I can tell.
    When I reboot the following services are disabled: Windows Defender is disabled, Automatic Updates is disabled, Windows Firewall is disabled, Security Center is disabled. I enable them by running services.msc.
    I have read and tried to follow READ & RUN ME FIRST. Malware Removal Guide but am unable to attach some of the files because of already mentioned problems.

    I have run the mgtools and am attaching the zip file.

    Someone, Please Help!!!!!!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your problems sound more like software or hardware issues. And your logs basically agree since they do not show any signs of malware.

    You do need to uninstall the below though.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1
    Viewpoint Manager (Remove Only) <-- should have been uninstalled in step 0 of the READ ME
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME
     
  3. yarafie

    yarafie Private E-2

    Thanks.

    I have removed all the items as you suggested.
    I have also run the Windows Malicious Software Removal Tool 1.35 and it detected the WinNT/Bagle.gen. I followed that with the full service scanner from Windows Live OneCare and it stated that c:\windows\system32\drivers\srosa.sys is likely infected with WinNT/Bagle.gen; however, it was unable to remove it.

    I have rebooted again just to be sure and it still says I am infected.
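The symptoms reported in this thread (security services found disabled after every reboot, and a scanner naming c:\windows\system32\drivers\srosa.sys) can be checked read-only from PowerShell. This is an added example, not anything posted in the thread; the service short names are the standard Windows names for the four services the first post lists, and the driver path is the one quoted above.

```powershell
# Added example: report the state of the services the thread describes as being
# disabled at reboot, and whether the driver file named in the thread is present.
# Read-only: nothing is changed. Service short names assumed as standard Windows names.
$services = @{
    'wscsvc'       = 'Security Center'
    'wuauserv'     = 'Automatic Updates'
    'SharedAccess' = 'Windows Firewall / ICS'
    'WinDefend'    = 'Windows Defender'
}

foreach ($name in $services.Keys) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) {
        "{0,-24} not installed on this system" -f $services[$name]
        continue
    }
    # Flag anything that is not set to start and currently running.
    $flag = ''
    if ($svc.StartMode -eq 'Disabled' -or $svc.State -ne 'Running') { $flag = '<-- check' }
    "{0,-24} start={1,-9} state={2,-8} {3}" -f $services[$name], $svc.StartMode, $svc.State, $flag
}

# Driver path quoted in the thread; -Force so a hidden file is still reported.
$driver = Join-Path $env:SystemRoot 'System32\drivers\srosa.sys'
if (Test-Path $driver) {
    $f = Get-Item $driver -Force
    "driver present: $driver ($($f.Length) bytes, modified $($f.LastWriteTime))"
} else {
    "driver not present: $driver"
}
```

Running it once after enabling the services and again after a reboot shows directly whether they are being switched off again.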
     
  4. yarafie

    yarafie Private E-2

    Well, after a few hours of searching, I downloaded the RegRun Security Suite and voilà. It identified the WinNT/Bagle.gen. It removed it and now everything is fine.

    I have installed McAfee, the Firefox update now works and I plan to re-install SpybotSD.

    Do you have any other recommendations?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have successfully removed the c:\windows\system32\drivers\srosa.sys file then your next steps would be the below if you are not having any other malware issues.


    1. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    2. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    3. After doing the above, you should work through the below link:
     
