Win32:Beagle-AAW can't get rid of it :(

Discussion in 'Malware Help (A Specialist Will Reply)' started by Princesca, May 14, 2009.

  1. Princesca

    Princesca Private E-2

    Hi guys,

    I downloaded from emule a file called wav to text (or text to wav) but all I got was a Virus :( (it's my fault, I shouldn't have opened a 2mb file :cry) after scanning with an Avast bootable disk (BART), I saw that there were few infected files with Win32:Beagle. I tried to follow your instructions that I read in other posts, but I cannot run Combofix in Windows and I've tried all the other software I've read in your posts, but they don't seem to work...I still cannot run Windows in safe mode and cannot run all security software.
    But why didn't the Avast bootable disk solve the problem? I've read it was the best antivirus from bootable cd :confused

    Thank you for your kind help,

    Francesca
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Use the additional tips/notes in the below to help you move further along. Pay close attention that we say not to stop!!!

    Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. Princesca

    Princesca Private E-2

    Hi,

    I couldn't run the safe mode of Windows. Malwarebytes didn't find anything and did not produce a log or at least I didn't find it. This time I could install again Spybot (the one already installed didn't work) which found two malware and fixed them, but I can't see a log for those, it was written win32Bom ..something like that but it was not Beagle, that's for sure.
    Ah, ComboFix said there was Antivir running, but I uninstalled it, so again, I didn't know what to do. I proceeded anyway and these are the logs I managed to get...I hope I followed correctly the procedure you stated.
    Thank you,

    Francesca
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    You weren't supposed to run in safe mode so that does not matter.

    It always creates a log and so does SUPERAntiSpyware. Please attach the logs which you can find as shown below. Since you ran MBAM more than once, please attach both logs from it.
    Code:
    "C:\Documents and Settings\FRANCESCA\Datiapplicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    17 May 2009         465  "SUPERAntiSpyware Scan Log - 05-17-2009 - 13-08-05.log"
     
     
    "C:\Documents and Settings\FRANCESCA\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
    13 May 2009        1050  "mbam-log-2009-05-13 (20-14-37).txt"
    17 May 2009         983  "mbam-log-2009-05-17 (16-09-18).txt"
    
    Your logs do not show signs of an active Bagle/Beagle infection. I see signs that you once had the infection and that pieces were removed by ComboFix in a previous scan. Do you have some scan telling you that you are still infected? If so, what scanner and attach a log from it?


    You do need to uninstall all of the below outdated versions of software:
    a-squared Free 2.0
    Ad-Aware SE Personal
    Java(TM) 6 Update 12
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Spybot - Search & Destroy 1.5.2.20

    Then you should reboot.

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    I also strongly advise you to cleanup your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing. Perhaps some of these bagle tools you are downloading are even being detected as problems.
     
    Last edited: May 20, 2009
  5. Princesca

    Princesca Private E-2

    Hi,

    thank you for telling me where to find the logs, which I have enclosed.

    If I scan now the PC with a BART disk (Avast Bootable disk) it doesn't find anything, but I still have the same problems, for example, I cannot reboot in safe mode, it loops. Or if I try to open Skype it says:
    "Exception EAccessViolation in module Skype.exe at 00528AF6.
    Access violation at address 00928AF6 in module 'Skype.exe'. Write of address 0000006E"
    or if I try to open Avast it says: "ashAvast.exe is not a valid Win32 application".

    What do you think?
    Thank you,

    Francesca
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  7. Princesca

    Princesca Private E-2

    Here you are :)

    Francesca
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, FindyKill removed some more issues, but did you notice that it sees that some of your applications have been corrupted? You need to uninstall all of the below and reboot:

    A-squared
    Avast4
    FireFox
    Mozilla Thunderbird
    PartitionMagic 8.0
    Skype

    After reboot reinstall all but A-squared



    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Then attach the new C:\MGlogs.zip file

    Make sure you tell me how things are working now!
     
    Last edited: May 23, 2009
