Help with Bagle

Discussion in 'Malware Help (A Specialist Will Reply)' started by netule, Apr 28, 2010.

  1. netule

    netule Private E-2

    Hi,

    I got this virus because I downloaded an ebook archive from Emule which also contained an exe, on which, of course, I clicked to open.

    I have two users on my computer, both with admin rights. I got the virus while being logged in with the second user. A few minutes after the exe was launched, the BitDefender icon disappeared and the internet connection was closed. After a restart and logging in with the same user name, BitDefender didn't start at all, but the internet connection was available.

    I went to your website for instructions and tried to follow them. When clicking to download SAS, Internet Explorer automatically closes.
    -Malwarebytes worked to download, install and run.
    The virus closed my Internet Explorer when I tried to open the links for the other programs.

    It came to my mind to switch to the first admin account to see how things were looking from there.

    Even though BitDefender was being closed there too, I could download all the programs, install and run them, except SAS.

    ----

    I observed in the Task Manager a file with a strange number being accessed: 159734.exe. After a few seconds it disappeared.
    Malwarebytes discovered many (above 300) files infected with worm.bagle.

    I found on the forum a thread with a solution specifically for Bagle (FindyKill). I followed the procedure there and I thought it was alright. But when I logged into the second user, the worm started to manifest in the same manner as before. And everything was infected as before.

    I logged out of that user and logged back into the first admin account, and I was able to rerun all the programs; I attached the logs.

    Below, in the next post, is the log with the FindyKill.

    I know that a reinstall is much easier but I want to avoid that for the moment.

    I hope I didn't mess things up and let me know if you need any other details.


    Thanks for your help
     

    Attached Files:

  2. netule

    netule Private E-2

    Findykill Log

    FindyKill Log
     

    Attached Files:

  3. netule

    netule Private E-2

    SAS log

    After restart I was able to install Super AntiSpyware and performed a scan as advised in your forum.
    Attached is the log file.
     

    Attached Files:

  4. netule

    netule Private E-2

    Today, after logging in and waiting a few minutes for the normal services to start, my desktop froze. I could only move the mouse, that's it.
    As I must continue my work and was not even able to use the computer like that, infected, I chose to reinstall Windows XP.

    I am not sure everything is gone, but I surely hope so. If you guys have any other hint from reading the logs in order to be safe please advise. Maybe the worm still resides somewhere, I don't know...

    thanks
    regards
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    If you properly reinstalled Windows, it should be gone. To know for sure, you would have to re-run the cleaning procedure and attach new logs since the old ones are of no use anymore after a reinstall.
     
