Win32.Bagle.hi Trojan, perhaps more

Discussion in 'Malware Help (A Specialist Will Reply)' started by joans34, Apr 9, 2009.

  1. joans34

    joans34 Private E-2

    Afternoon :)
    I was infected with this virus after I foolishly opened an infected .zip file I downloaded. After I opened the program my computer immediately restarted; once it was back up, my McAfee firewall and BitDefender wouldn't start, and the Security Center in Windows Vista was turned off, as well as the firewall and Automatic Updates.
    I can't run several programs; I get an error that says <Application directory>.exe is not a valid Win32 application. I've tried downloading new scanner tools, but in normal mode it won't let me install them, or it simply restarts the system again. I managed to make some scans in Safe Mode, and I'm attaching my MGlogs and ComboFix logs. I hope you can most kindly help me.

    Thanks in advance

    Joan.

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Did you notice any error messages while running MGtools? Your logs are incomplete. Also, did you accept the license agreement for HijackThis as requested?

    Have you been using the Guest user account on this PC? I see a lot of files and folders for it. This account is a security risk and should always be disabled.

    Also, what user ID are you logging in with? What I see does not match the user account names on the PC.

    Uninstall the below software:
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 7
    Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner to clean out only temp files and nothing else!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  3. joans34

    joans34 Private E-2

    Hi again, thanks for your help.
    I have just one quick question before doing this. I'm a software engineering student in college and I think I need the Java packages for my programming class projects (we use Java). Do I have to uninstall them? I use Eclipse as my IDE; will uninstalling them interfere with anything?
     
  4. joans34

    joans34 Private E-2

    I ran TrojanHunter and Spybot before coming here. It seems it is all partially working well. TrojanHunter revealed some trojans that were taken care of, as well as Spybot, but Spybot kept revealing the same trojan over and over after I ran it again. After that I came here. I have the Windows security up and running again, as well as the firewall. I can't uninstall some utilities I had, such as BitDefender 2009. I still can't reinstall my Windows Live Messenger due to a fatal error; it doesn't say much about the error, however. I can't run the Windows wireless system for some reason, so my laptop isn't getting wireless internet. Before I ran TrojanHunter, ComboFix and MGtools and removed all that stuff, the computer was extremely slow and the mouse lagged repeatedly; this is gone, and it's actually faster! :D
    So that's it so far. Thanks again. :)

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your last log from MGtools is very incomplete. You must make sure you are following the instructions for running it with Vista. See this link Using MGtools also make sure you download the current version and then run the MGtools.exe file. Make sure UAC has been disabled and you have rebooted. Also make sure you accept the TrendMicro HijackThis license agreement by clicking the Accept button twice.

    Attach the new MGlogs.zip file.
     
  6. joans34

    joans34 Private E-2

    As you requested, here are the logs again. I tried to follow every single step; hopefully this time the logs will be complete.

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why do you have so many antivirus/security suite programs installed? Didn't you read the early instructions in the READ & RUN ME?

    You need to decide which program from the below list you wish to use and then you must immediately uninstall the others.

    AVG Free 8.5
    BitDefender Free Edition v10
    BitDefender Total Security 2009
    McAfee SecurityCenter
    Norton Security Scan

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Windows\temp
    C:\Users\Joan\AppData\Local\Temp

    Now run Ccleaner to clean out only temp files and nothing else!

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!


    The Bagle infection appears to be fixed now; however, the infection may have been the cause of the problems with your wireless interface. Try the below to see if it helps:

    Fixing Wireless Zero Config Service
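A read-only check for the two conditions chaslang flags in the posts above (several antivirus suites installed side by side, and stale Java 6 updates left on disk), added here as an example and not part of the original thread. It assumes Windows PowerShell is present (not installed by default on Vista) and that the Security Center WMI provider lives in root\SecurityCenter2, which is the case on Vista and later; the vendor and Java name patterns are mine and built from the product names in the thread.

```powershell
# Added example (not from the thread): inventory installed programs from the
# Uninstall registry keys and flag duplicate security suites and Java runtimes.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # absent on 32-bit
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, UninstallString

# Patterns are assumptions based on the product names listed in the thread.
$avPattern   = 'AVG|BitDefender|McAfee|Norton|Symantec'
$javaPattern = '^Java\(TM\)|^Java SE Development Kit|^Java \d'

$avProducts   = @($installed | Where-Object { $_.DisplayName -match $avPattern })
$javaProducts = @($installed | Where-Object { $_.DisplayName -match $javaPattern })

Write-Host ("Security suites found: {0}" -f $avProducts.Count)
$avProducts | Format-Table DisplayName, DisplayVersion -AutoSize
if ($avProducts.Count -gt 1) {
    Write-Warning 'More than one security suite is installed; keep exactly one and uninstall the rest.'
}

Write-Host ("Java installations found: {0}" -f $javaProducts.Count)
$javaProducts | Sort-Object DisplayVersion | Format-Table DisplayName, DisplayVersion -AutoSize
if ($javaProducts.Count -gt 1) {
    Write-Warning 'Several Java versions present; older updates leave known-vulnerable code installed.'
}

# What Windows Security Center itself reports. productState is a packed value;
# the middle byte of its 6-digit hex form reads "10" when the product says it is enabled.
foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
        ForEach-Object {
            $state   = '{0:X6}' -f [int]$_.productState
            $enabled = $state.Substring(2, 2) -eq '10'
            Write-Host ("{0}: {1} (enabled: {2})" -f $class, $_.displayName, $enabled)
        }
}
```

Run it from an elevated PowerShell prompt so both registry hives and the WMI namespace are readable; the script changes nothing, it only reports.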