
View full version: BAGLE.32 ?? NEED HELP !!!!



ciausazumab
23.01.2008, 06:34
BAGLE.32 ?? THIS VIRUS IS STILL ALIVE... AND BLOCKS VARIOUS ANTIVIRUS SOFT..
I think it's bagle.32...

there is an inactive system process that consumes high rates of CPU.. and I can't kill it... I have tried with killprocess.exe too...
the Avira rootkit detected the bagle and a lot of infected *exe files in windows/system32/drivers ... but after the removal of the files the virus stays alive!!!!

and I can't run various antivirus programs... for example AVG Anti-Rootkit Free: when I execute this program a msg says "it is not a valid win32 application"...

PLSS HELP

drongo
23.01.2008, 11:40
Welcome!
What is the name of the "inactive process"?
Did you make a copy of the deleted files?
Do you have 2 firewalls? I see parts from BlackIce and Outpost - you should uninstall one of them completely.
I see AVG drivers in your system; I think there was some malfunction in the installation process. Do you have an option to uninstall AVG in Add/Remove Programs?
Execute the following script in avptool:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\SYSTEM32\SMWIZARD.EXE', '');
QuarantineFile('C:\WINDOWS\system32\Drivers\vdy0mte5.sys','');
QuarantineFile('C:\WINDOWS\system32\itss.dll','');
QuarantineFile('C:\WINDOWS\wc98pp.dll','');
QuarantineFile('C:\WINDOWS\winstart.bat','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\ipnat.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\wdmaud.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\cledx.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\mchInjDrv.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\KCOM.SYS','');
QuarantineFile('c:\windows\system32\netman.dll','');
QuarantineFile('c:\windows\system32\es.dll','');
QuarantineFile('C:\WINDOWS\system32\colbact.DLL','');
QuarantineFile('C:\WINDOWS\system32\comsvcs.dll','');
QuarantineFile('C:\WINDOWS\system32\myokent.dll','');
BC_ImportAll;
BC_Activate;
ExecuteRepair(1);
ExecuteRepair(6);
ExecuteRepair(9);
ExecuteRepair(12);
RebootWindows(true);
end.

Your computer will reboot. A copy of the requested files should be created in the quarantine subfolder of your avptool.
You should zip them with password virus and send us by link : http://virusinfo.info/upload_virus_eng.php?tid=16847

ciausazumab
23.01.2008, 19:38
hi drongo!, first thanx 4 your help! at the moment I don't use any firewall but in the past I installed outpost and blackice... and now I'm using avast antivirus... it seems like the fu**ng worm is now quiet... now I can install and use antiviral and anti-rootkit software..

the last scan of avast says that I'm infected with BEAGLE.YN AND WIN32.CTX ...

I don't understand what you mean by " You should zip them with password virus and send us by link "

password virus? what is that?


THANX FOR YOUR HELP AGAIN DUDE!

Added after 5 minutes

:( the avp tool has failed, and the moment I execute the script avast detects Win32:trojan-gen in the file... C:\WINDOWS\system32\Drivers\vdy0mte5.sys

I think I'm multi-infected....but I'm sure I'm GOING CRAZY AND SICK !!!!


:(

drongo
23.01.2008, 19:53
Read this: http://avptool.virusinfo.info/en/AVPTool_helpdesk_fileattach.htm
Disable your antivirus and execute my script again.
About the zip archive, the password that you need to put in is "virus" without quotes ;) Read here how to zip: http://www.dslreports.com/faq/8730

If you have avast, why do you need PCSuite?

ciausazumab
23.01.2008, 20:40
what is pc suite ?

about the "inactive system process" that is running and that I can't delete.. it consumes a variable amount of CPU and always uses 16kb of memory.. the user name is SYSTEM :S

what is this program? is it the worm?

thanxxx agaiiiin

Added after 17 minutes

I don't use pc suite anyway.. :P

drongo
23.01.2008, 20:41
Actually, I don't understand what this running "inactive system process" is ;)))
If the process is running it can't be inactive ;)

What about the quarantine that I requested from you? I can't find it :)

ciausazumab
23.01.2008, 20:54
again the AVZ_scan failed msg... and before executing the script I disabled the "access protection feature" on my Avast

Added after 2 minutes

the process is running... it consumes CPU.. and always 16kb of memory... and it's impossible to kill the task...

but it appears with the name of "inactive system process" :S

Added after 1 minute

drongo do you think Avast is a good antivirus?? or should I download other antiviral tools?

Added after 1 minute

can I zip and upload the files you request manually? without using the script?

drongo
23.01.2008, 20:57
Strange :)
Download avz http://z-oleg.com/avz4.zip, unzip it to a new folder, and execute the script there. ( http://virusinfo.info/showthread.php?t=9207 )
You can find them manually, but it is harder :)

ciausazumab
23.01.2008, 22:20
God damn it!!!!!


with the avz.zip in the C: directory I try to access the zip and unzip it.. and this msg comes up... " Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item "

:S

Added after 1 minute

I'm downloading the file again and saving it to D: I hope nothing intercepts the zip again :S

drongo sorry about my english :P

Added after 1 hour 9 minutes

I uploaded the files in the quarantine folder from my avz tool :D

drongo
23.01.2008, 23:16
Alleluia :dance3:
Please find these files manually, and send them to us (zipped and password-protected, now you know the password ;) ) (use this topic for help: http://virusinfo.info/showthread.php?t=9208 )

C:\WINDOWS\tmpcpyis.bat
C:\WINDOWS\system32\Drivers\mchInjDrv.sys
C:\WINDOWS\system32\Drivers\vdy0mte5.sys

P.S. Your English is better than my Spanish ;)

ciausazumab
24.01.2008, 04:27
I can't find C:\WINDOWS\system32\Drivers\mchInjDrv.sys
C:\WINDOWS\system32\Drivers\vdy0mte5.sys

I only find C:\WINDOWS\tmpcpyis.bat

I have tried with the instructions about how to perform the search... :S

Added after 20 minutes

should I upload tmpcpyis.bat?

Added after 3 hours 20 minutes

HEEEEEEEEEELP

drongo
24.01.2008, 12:43
Yes. Send it to us :)
We have an answer from the Kaspersky antivirus lab: they didn't find any virus there.
I think your problem is because you are trying to install every "anti" that you can find. And malfunctions do happen :)
We can try to remove them. I don't promise that it will solve your problem, but it is better to try :)

Here is the plan:
1) Go to the system tray and close any protection software that you see.
2) Go to the Control Panel -> Add/Remove Programs, and remove from there any antivirus, antitrojan, antirootkit, antispyware, including Spyware Doctor ;) and don't tell me that you don't have it: you sent us a file from it in the archive :) Reboot your computer!
3) Make a new log from avptool, or avz (Start AVZ. Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box. Click on "Execute selected scripts".
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.) Reboot your computer!

Attach it to your next post. We will try to clean your system manually.

ciausazumab
25.01.2008, 00:34
thanxxx drongo! tomorrow I will follow the plan and see what happens! :P

it's true that I've installed every anti-sh*t I've found :P hehehe

now i have to go!

take care dude!