Bagel Worm Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by bucsab12, Jan 10, 2010.

  1. bucsab12

    bucsab12 Private E-2

    Hello everyone

    my computer knowledge is very basic so please try to understand if I have any simple questions.

    Today my brother downloaded some file onto the computer and since that moment, my computer stopped working properly. I deleted the file but the damage has been done.

    I have searched previous posts on this forum and came to the conclusion that it is probably a virus called "bagel" but I am not sure because it was not identified by that name by any of the online AVs.

    After my brother downloaded the file, the computer shut itself down and when it restarted, my AV - Avast and Spybot both were down. When I double click on one of these programs, it gives me the following message:

    "C:\Program Files\Alwil Software\Avast 4\ashAvast.exe is not a valid Win32 application."

    A similar message appears when I try to open Spybot S&D.

    I run Windows XP Pro and I did everything according to your "Windows XP Cleaning Procedure" guide but it did not help. I attached all the logs to this message.

    I also tried to scan the computer using all sorts of online scanners but it did not solve the issue either.

    Any help will be appreciated.

    Thank you very much in advance
     

    Attached Files:

    bucsab12, Jan 10, 2010
    #1
  2. bucsab12

    bucsab12 Private E-2

    This is the log from MG-tools.
     

    Attached Files:

    bucsab12, Jan 10, 2010
    #2
  3. bucsab12

    bucsab12 Private E-2

    I managed to solve the problem thanks to all the help that I found at the site.

    I am not sure what action "defeated" the virus but after completing all the steps you described in your site and running a few removal tools I was able to repair the Avast installation on my computer and schedule a boot time scan that found all the problems.

    Thanks for everything.
     
    bucsab12, Jan 11, 2010
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We are happy to hear you resolved your problems. However you did not have a bagle infection. At least not one the was active. Your logs show no signs of bagle or other infections. If you had a bagle infection, you would not have been able to run SUPEAntiSpyware, Malwarebytes, ComboFix, or RootRepeal. They all would have been blocked.

    The only things you need to do are below which includes final steps.


    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9

    Now install the current version of Sun Java from: Sun Java Runtime Environment


    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    10. After doing the above, you should work thru the below link:
     
    chaslang, Jan 13, 2010
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds