
Solve : Infected With Trojan-downloader.bagle & Email-worm.bagle?

Answer»

Hi,

I've managed to run Combofix from the start/run way and it has rebooted my PC but seems to be taking a long time to prepare the log. Not sure how long I should wait or what to do next as it seems to have stalled.

Steve

If it goes too long then reboot again. The log can be found in C:\combofix.txt

Hi,

I can't seem to find the log file but when I rebooted the icon came up that I had no anti virus installed which I've not seen before. Also I was able to install AVG without anything blocking me. I think you may have finally nailed the Bagle from *censored*.
Do you need me to do anything else or am I clean for now?

Cheers

Steve

If the log isn't in C:\combofix.txt then run Combofix again and post the log. It is important.

Hi..

I ran combofix again and here's the log.
Let me know what you think.
Cheers
Steve



[recovering space - attachment deleted by admin]

Let's clear out the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if launched accidentally. This will also help secure the work you have done.

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Now run CCleaner.

----------

I would like to run one more scan for a double check. This will gauge if anything malicious is left to deal with or not.

Please run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan
    • Note: It may take a couple of minutes
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  • Post the contents of the ActiveScan report in the next reply.

Important note: You will see the option to DISINFECT my PC on the green button in the bottom of the window.
This only works if you buy the full version. There is no need to pay to remove anything, they can be removed with free programs.
It is, however, your choice.

Next post
Panda scan log

Hi evilfantasy,

Here's the scan you requested.
It's picked up one infection of spyware. Hope it's not too serious.

Thanks

Steve.

[recovering space - attachment deleted by admin]

Do you have Spybot Search & Destroy?

If not download HERE. Let it run and fix what it finds. Other than that if you are having any other problems I don't think they are malware related.

Hello again

I ran Spybot as you suggested and it came back with a couple of issues. But I think these were changes that I made.

They were.....

Microsoft.WindowsSecurityCenter.AntiVirusOverride

Microsoft.WindowsSecurityCenter.FirewallOverride

Both were registry changes. I couldn't find an option to save the report but let me know if you need any more info

Cheers Steve

No I think it is clear of malware.

Hi evilfantasy,

Just want to say a big thanks for all your help with the Bagle bashing.
And sooo glad you didn't give up the fight, at one point wiping clean looked like the only way.
I now have a smile back on my face.

Let me know if I need to close this post in any way and if not....

All the best,

Steve

No problem on the help, it's what we do.

The posts stay open in case you need to add anything more.

Final steps...........

Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and place it on your desktop (unless you already have it installed).

1. Double click OTMoveIt2.exe to launch it.
   Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

This is a good time to clear your infected system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and click Next.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Next to System Restore click Clean up...
This will remove all restore points except the new one you just created.

Use the Secunia Software Inspector

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

Here are some great tools to help you keep from getting infected again.

Spybot Search & Destroy - A safe and effective spyware scanner.
* Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

AVG Anti-Spyware Free Edition - Very reliable with a high detection rate.
* AVG Anti-Spyware User Manual

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware

Comodo BOClean - Stops trojans and many more malicious attacks.

Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
* Click here for a list of free firewalls.
* Why would I consider a third party firewall?
* Understanding and Using Firewalls

UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed.
* Help with Windows updates

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Let us know if anything else comes up.

