bagle strikes again - please help

Welcome to Majorgeeks! Marcelinho, and no worries on your english as its fine, your best bet is to follow the below guide in which we direct everyone to follow first, from the logs gained and attached in your next post in this thread our malware experts will be able to find and name the malware thats attacking you and from that post some manual removal instructions for you to follow.

If you do find any of the steps hard to follow due to language, please do let us know and we will try our best to assist you to run those steps.



Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

 

Hi


What errors happen when you use CCleaner, please describe why it would not work?

As for MGTools the download location and instructions for running are in the specific read me for your version of Windows here Read & Run Me click the link that is for your Windows version then follow the instructions 1 by 1.


Its best to follow the guide as we have a better understanding of what these applications do and what they have cleaned, so once finished your at a point in which is a known one in terms of whats been checked for and removed, deviating and using other applications will add to the lenght of time taken to help you remove this malware, which is our primary goal and one our malware experts are very good at.

 

Where are you running ComboFix from? The cf.exe file is supposed to be on your Desktop and it is not there. Also you must follow the instructions in the READ ME for running it properly.

You need to get the other logs that are requested attached. Like the logs from SUPERAntispyware and Malwarebytes Anti-Malware.

 

Personally I don't like any internet security suites. Just like you have noticed, everyone who installs them winds up complaining that their PC is slow and they often come to this forum looking for malware to be the cause when it is the security suite that is the problem.

 

That's fine but you need a realtime antispyware blocking tool. The free version of SUPERAntiSpyware is an on demand scanner and does not provide protection. If you purchase it, you will get protection and a great tool. Otherwise you need to install a realtime spyware blocker as seen here: How to Protect yourself from malware! I also recommend that you use Spybot (without Teatimer) and use the Immunize feature. Also install and use SpywareBlaster.


Looks like the scanners took care of the worst of your problems. We have just a little to do.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -

After clicking Fix, exit HJT.

Now delete the below file. Let me know if you have a problem doing this.
C:\WINDOWS\system32\drivers\wnmsav.dat

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.