View full version: BAGLE.32 ?? NEED HELP !!!!
ciausazumab
23.01.2008, 06:34
BAGLE.32 ?? THIS VIRUS IS STILL ALIVE... AND BLOCKS VARIOUS ANTIVIRUS SOFT..
I think it's bagle.32...
there is an inactive process of system that consumes high rates of CPU.. and i can't kill this... i have tried with killprocess.exe too...
the Avira rootkit detected the bagle and a lot of infectious *exe files in windows/system32/drivers ... but after the removal of files the virus keeps alive!!!!
and i can't run various antivirus... for example AVG Anti-Rootkit Free when i execute this program a msg says " it is a win32 non valid application"...
PLSS HELP
Welcome !
What is name of an "inactive process" ?
Did you make a copy of the deleted files ?
Do you have 2 firewalls ? I see parts from BlackIce and Outpost - you should uninstall one of them completely .
I see drivers of the AVG in your system - i think there was some malfunction in the installation process. Do you have in add/remove programs an option to uninstall AVG ?
Execute the following script in avptool :
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\SYSTEM32\SMWIZARD.EXE', '');
QuarantineFile('C:\WINDOWS\system32\Drivers\vdy0mte5.sys','');
QuarantineFile('C:\WINDOWS\system32\itss.dll','');
QuarantineFile('C:\WINDOWS\wc98pp.dll','');
QuarantineFile('C:\WINDOWS\winstart.bat','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\ipnat.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\wdmaud.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\cledx.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\mchInjDrv.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\KCOM.SYS','');
QuarantineFile('c:\windows\system32\netman.dll','');
QuarantineFile('c:\windows\system32\es.dll','');
QuarantineFile('C:\WINDOWS\system32\colbact.DLL','');
QuarantineFile('C:\WINDOWS\system32\comsvcs.dll','');
QuarantineFile('C:\WINDOWS\system32\myokent.dll','');
BC_ImportAll;
BC_Activate;
ExecuteRepair(1);
ExecuteRepair(6);
ExecuteRepair(9);
ExecuteRepair(12);
RebootWindows(true);
end.
Your computer will reboot. The copy of the requested files should be created in the sub folder quarantine in your avptool .
You should zip them with password virus and send us by link : http://virusinfo.info/upload_virus_eng.php?tid=16847
ciausazumab
23.01.2008, 19:38
hi drongo!, first thanx 4 your help! by the moment i don't use any firewall but in the past i installed outpost and blackice... and now i'm using avast antivirus... it seems like the fu**ng worm is now quiet... now i can install and use antiviral and anti rootkits software..
the last scan of avast says that i'm infected with BEAGLE.YN AND WIN32.CTX ...
i don't understand what you mean with " You should zip them with password virus and send us by link "
password virus? what is that?
THANX FOR YOUR HELP AGAIN DUDE!
Added after 5 minutes
:( the avp tool has failed and avast detects by the moment i execute the script Win32:trojan-gen in the file... C:\WINDOWS\system32\Drivers\vdy0mte5.sys
i think i'm multi-infected....but i'm sure i'm GOING CRAZY AND SICK !!!!
:(
read this : http://avptool.virusinfo.info/en/AVPTool_helpdesk_fileattach.htm
Disable your antivirus and execute my script again.
About zip archive, the password that you need to put in is "virus" without quotes ;) Read here how to zip : http://www.dslreports.com/faq/8730
If you have an avast, why do you need a PCSuite ?
ciausazumab
23.01.2008, 20:40
what is pc suite ?
about the "inactive system process" that is running and i can't delete.. it consumes a variable amount of CPU and uses always 16kb of memory.. the user name is SYSTEM :S
what is this program? is it the worm?
thanxxx agaiiiin
Added after 17 minutes
I don't use pc suite anyway.. :P
Actually, i don't understand what is "inactive system process" that is running ;)))
if the process is running it can't be inactive ;)
What about your quarantine, that i did request from you? I can't find it :)
ciausazumab
23.01.2008, 20:54
again AVZ_scan failed msg... and i disabled before executing the script the "access protection feature" on my Avast
Added after 2 minutes
the process is running... it consumes CPU.. and always 16kb of memory... and it's impossible to kill the task...
but appears with the name of "inactive system process" :S
Added after 1 minute
drongo do you think Avast is a good antivirus?? or should i download other antiviral tools?
Added after 1 minute
can i zip and upload the files you request manually? without using the script?
strange :)
Download avz http://z-oleg.com/avz4.zip, unzip it to new folder ,execute script there. ( http://virusinfo.info/showthread.php?t=9207 )
you can find them manually, but it is harder :)
ciausazumab
23.01.2008, 22:20
God damn it!!!!!
with the avz.zip in C: directory i try to access the zip and unzip.. and this msg comes to me... " Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item "
:S
Added after 1 minute
i'm downloading again the file and i save to D: i hope nothing intercepts the zip again :S
drongo sorry about my english :P
Added after 1 hour 9 minutes
i uploaded the files in the quarantine folder from my avz tool :D
Alleluia :dance3:
Please find these files manually, and send us ( in zip and password protected, now you know the password ;) ) ( use this topic for help : http://virusinfo.info/showthread.php?t=9208 )
C:\WINDOWS\tmpcpyis.bat
C:\WINDOWS\system32\Drivers\mchInjDrv.sys
C:\WINDOWS\system32\Drivers\vdy0mte5.sys
P.S. Your English is better than my Spanish ;)
ciausazumab
24.01.2008, 04:27
i can't find C:\WINDOWS\system32\Drivers\mchInjDrv.sys
C:\WINDOWS\system32\Drivers\vdy0mte5.sys
i just find C:\WINDOWS\tmpcpyis.bat
i have tried with the instructions about how to perform the search... :S
Added after 20 minutes
should i upload tmpcpyis.bat
?
Added after 3 hours 20 minutes
HEEEEEEEEEELP
Yes. Send us :)
We have an answer from kaspersky antivirus lab- they didn't find any virus there.
I think your problem is because you are trying to install every "anti" that you can find. And malfunctions do happen :)
We can try to remove them , i didn't promise that it will solve your problem, but it is better to try :)
Here the plan :
1) Go to the system tray and close any protection software that you see.
2) Go to the control panel -> add/remove programs , and remove from there any antivirus, antitrojan, antirootkit, antispyware including Spyware Doctor ;) and don't tell me that you haven't - you sent us a file from it in archive :) reboot your computer !
3) make a new log from avptool, or avz (Start AVZ. Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Investigation" check box. Click on the “Execute selected scripts”.
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip. ) reboot your computer !
Attach it to your next post. We will try to clean your system manually.
ciausazumab
25.01.2008, 00:34
thanxxx drongo! tomorrow i will follow the plan and see what happens! :P
it's true that i've installed all anti-sh*t i've found :P hehehe
now i have to go!
take care dude!