Problems with win32.bagle

Discussion in 'Malware Help (A Specialist Will Reply)' started by Aukikco, May 19, 2008.

  1. Aukikco

    Aukikco Private E-2

    Ok, so a few days ago, due to my own carelessness and stupidity I managed to get an infection of win32.bagle. After this, my computer rebooted without a firewall or virus protection.

    I scanned everything a couple of times in normal mode because safe mode crashed - I managed to get a copy of Norton Antivirus working even though most of the related exe files were being blocked with the "not a standard win32 application" error message. I found some issues, but apparently not all. In task manager I found hldrrr.exe and several exe files with a random number as the file name. My registry was also filled with entries like "ACMRU, hidires, hidr.exe, firstrrrun, flec006, megadrv3". I carefully went through to delete everything related to those, and seem to have managed.

    Eventually I ended up installing Windows on a different hard drive, and managed to do several scans with different programs. I found out that in addition to win32.bagle I also had bloodhound.beagle, packed.generic.99 and hacktool.rootkit -- may have also been something else, but I have proceeded to delete every single one that the software has blocked. I have scanned my computer with at least Norton Antivirus, AVG, Spybot, AD-Aware, Windows Malicious Software Removal Tool, Combofix --- now it seems that I cannot find anything else, but still the connection keeps hanging up.

    I managed to get safe mode working using SafeBootKeyRepair. I have also performed scans there.

    I've been fighting with this for a few days now, and have got to the point where everything else seems to be working but my web connection gets hung up after 5 minutes of surfing or so. This does not happen on the fresh installation.

    I have checked my firewalls on the infected XP installation, I just changed from Zonealarm to Comodo, so it has nothing to do with those. The internet connection seems to be working otherwise, for example p2p software gets through - it seems to be just the www part that doesn't work.

    I read that someone else here also had the same kind of problem, but that thread kind of ended without this person ever mentioning how they got rid of the connection problem...

    Any help appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm not sure if the thread you are mentioning ever got resolved here in the Malware Removal Forum. We may have removed all malware traces and tried several things to repair the connection; however, we may have sent the user to the Software or Hardware Forum for continued support.

    As far as your problem is concerned, we will need you to run the below on your PC (make sure that you are booting from the hard disk that has the infected copy of Windows). This infection can be quite nasty. Sometimes it is removed easier than others, but often it requires booting to the Recovery Console to remove everything.

    First please try running this online scanner: Using PandaActiveScan. Attach the requested log here first and then continue on with the below instructions.

    Now please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
    Last edited: May 19, 2008
