
View full version : Bagle virus attacking my computer



godsdsipl
13.02.2008, 11:50
My laptop has been infected with the Bagle and a couple of other viruses and it won't allow me to install any antivirus or spyware software on my system to kill it. Please help

Numb
13.02.2008, 14:06
Execute script:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\wintems.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\hldrrr.exe','');
QuarantineFile('C:\Documents and Settings\Permit-It\Application Data\m\flec006.exe','');
BC_ImportquarantineList;
BC_Activate;
RebootWindows(true);
end.
When the script runs, your system will restart - it's normal. After restart, upload quarantine using this link: http://virusinfo.info/upload_virus_eng.php?tid=17983 (see appendix 3 of the rules (http://virusinfo.info/showthread.php?t=9184) for details)

godsdsipl
14.02.2008, 11:47
I did this and it would not execute the script. I rebooted and rescanned and it found 596 infected files. So I tried to run the AVZ Antiviral Toolkit and nothing would happen, so I tried to run HijackThis and it said it was not a valid Win32 application.

kps
14.02.2008, 12:19
Try to scan your PC with AVPTool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

godsdsipl
14.02.2008, 13:03
I ran the tool and here is the log ... it says it deleted the 3 files but they are still there when I re-scan

godsdsipl
14.02.2008, 13:26
Sorry here is the log file of the scan

drongo
14.02.2008, 14:05
Execute script in AVPTool (how-to: http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm)


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('srosa');
SetServiceStart('srosa', 4);
DeleteService('srosa');
QuarantineFile('C:\WINDOWS\system32\drivers\srosa.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\hldrrr.exe','');
QuarantineFile('C:\WINDOWS\system32\wintems.exe','');
DeleteFile('c:\windows\system32\drivers\srosa.sys');
DeleteFile('C:\WINDOWS\system32\drivers\hldrrr.exe');
DeleteFile('C:\WINDOWS\system32\wintems.exe');
BC_DeleteSvc('srosa');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(1);
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(12);
BC_Activate;
RebootWindows(true);
end.

Do a full scan of all disks with a fresh CureIt (#2 in our rules); it should create a log after curing, please attach it to your next post.

*** When the script runs, your system will restart - it's normal. After restart, upload quarantine using this link: http://virusinfo.info/upload_virus_eng.php?tid=17983 (see appendix 3 of the rules for details)

godsdsipl
14.02.2008, 14:16
I pasted and executed this and it didn't do anything. It turned gray but didn't reboot.

kps
14.02.2008, 14:23
Did you reboot manually? If not, then do so.

godsdsipl
15.02.2008, 08:09
I zipped and uploaded the quarantine file and I rebooted. What next?

Muffler
15.02.2008, 09:24
Trojan-Downloader.Win32.TSUpdate.n,
Trojan-Downloader.Win32.TSUpdate.f,
Trojan-Downloader.Win32.Adload.qy,
Trojan-Downloader.Win32.Delf.dlk

As I said in PM, we need new logs to tell what to do...

godsdsipl
15.02.2008, 09:30
So I need to rescan and upload the new logs?

Muffler
15.02.2008, 09:34
No, do steps 8-13 only, and upload new logs.

godsdsipl
15.02.2008, 10:23
I am not sure what is going on but I cannot start AVZ or HijackThis. When I try to start either, my computer freezes. I even deleted them both twice and redownloaded them and still the same thing. What can I do?

kps
15.02.2008, 10:26
Can you run the AVPTool?

godsdsipl
15.02.2008, 10:30
No... it says "Not Responding" .. I can run DrWeb and Kaspersky Lab Tool but it will not let me run AVZ or HiJackThis

Muffler
15.02.2008, 10:34
Reboot to Safe Mode, and make logs from there. But this time, do only steps #10-13.

godsdsipl
15.02.2008, 10:37
I tried that but this is the weirdest thing ... when I try to boot in safe mode, it loads the files and then reboots. In other words it will not let me boot in safe mode, it is just a loop.

kps
15.02.2008, 10:37
Run the Recovery Console. To do so, boot with the Windows XP CD and select "R" at the Welcome Screen.
From there try to delete the following files:
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\hldrrr.exe
c:\windows\system32\wintems.exe
c:\windows\system32\mdelk.exe


No... it says "Not Responding" .. I can run DrWeb and Kaspersky Lab Tool but it will not let me run AVZ or HiJackThis
Does it mean that you can run the AVPTool? You answered "No" and then you said that you can do it :)

godsdsipl
15.02.2008, 14:10
Ok here are the logs ... Adware Alert just did a scan and it claims to have just found 3679 infected files. I am not sure which one is correct but here are the logs

Numb
15.02.2008, 15:48
All malicious registry entries seem to be here again :( Let's try again: before executing the script, disconnect your network connection and stop the anti-virus monitor.
Execute script:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
SetServiceStart('srosa', 4);
BC_DeleteSvc('srosa');
BC_DeleteFile('C:\WINDOWS\system32\drivers\srosa.sys');
DeleteFile('C:\WINDOWS\system32\drivers\hldrrr.exe');
BC_DeleteFile('C:\WINDOWS\system32\drivers\hldrrr.exe');
DeleteFile('C:\WINDOWS\system32\wintems.exe');
BC_DeleteFile('C:\WINDOWS\system32\wintems.exe');
BC_Activate;
ExecuteSysClean;
RebootWindows(false);
end.
If the script works correctly, your system will restart. After restart, turn on your antivirus monitor and network connection, make step 10 of the rules (http://virusinfo.info/showthread.php?t=9184) and attach the log here.

godsdsipl
15.02.2008, 23:37
I ran the Kaspersky Lab Tool and it does nothing. It won't reboot so I manually rebooted. I am going to try and do the Recovery Console again but I am not sure that I am doing it right. Once I get into the console and get to C:\Windows, what do I type to delete these and how do I know if it worked? :( I am getting frustrated, I have been working on this virus for going on 4 days now.


Run the Recovery Console. To do so, boot with the Windows XP CD and select "R" at the Welcome Screen.
From there try to delete the following files:
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\hldrrr.exe
c:\windows\system32\wintems.exe
c:\windows\system32\mdelk.exe


Does it mean that you can run the AVPTool ? You answered "No" and then you said that you can do it :)

kps
15.02.2008, 23:58
Clear your internet cache.
Run the AVPTool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
Go to the "Manual Cure" window.
Copy and paste the following script (how to do this: read here http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm)
Execute it.

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
StopService('srosa');
SetServiceStart('srosa', 4);
DeleteService('srosa');
QuarantineFile('C:\WINDOWS\system32\drivers\srosa.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\hldrrr.exe','');
QuarantineFile('C:\WINDOWS\system32\wintems.exe','');
DeleteFile('c:\windows\system32\drivers\srosa.sys');
DeleteFile('C:\WINDOWS\system32\drivers\hldrrr.exe');
DeleteFile('C:\WINDOWS\system32\wintems.exe');
DeleteFileMask('c:\WINDOWS\system32\drivers\down', '*.*', true);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

Make new log files as described at http://avptool.virusinfo.info/en/AVPTool_manual.htm and paste them here.

godsdsipl
16.02.2008, 02:20
OK here you go

godsdsipl
16.02.2008, 08:31
Any Help?

Bratez
16.02.2008, 09:32
Execute the following script:


begin
ClearQuarantine;
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\kasperskyLive32.exe','');
DeleteFile('C:\WINDOWS\system32\kasperskyLive32.exe');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'drvsyskit');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'german.exe');
BC_ImportALL;
BC_DeleteSvc('srosa');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After your system reboots, upload new quarantine according to appendix #3 of Rules and make a new "syscheck" logfile.
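The scripts in this thread target a fixed set of artifacts: the driver and executables under system32, the 'srosa' service, the drivers\down drop directory, and two HKCU Run values. As an added example (not part of this thread, and not an AVZ or AVPTool script), the following read-only PowerShell check reports whether any of those artifacts are still present, which answers the "how do I know if it worked" question raised above. It assumes only the paths and names the helpers posted; it changes nothing.

```powershell
# Added example, not from the thread: read-only check for the Bagle artifacts
# named in the helpers' scripts. Run in an elevated PowerShell prompt.

$files = @(
    "$env:SystemRoot\system32\drivers\srosa.sys",
    "$env:SystemRoot\system32\drivers\hldrrr.exe",
    "$env:SystemRoot\system32\wintems.exe",
    "$env:SystemRoot\system32\mdelk.exe",
    "$env:SystemRoot\system32\kasperskyLive32.exe"
)
$dropDir   = "$env:SystemRoot\system32\drivers\down"
$service   = 'srosa'
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = @('drvsyskit', 'german.exe')

$findings = @()

# 1. Dropped files (the paths the cure scripts quarantine and delete).
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $item = Get-Item -LiteralPath $f -Force
        $findings += "file present: $f ($($item.Length) bytes, modified $($item.LastWriteTime))"
    }
}

# 2. Download directory cleared by DeleteFileMask in the scripts.
if (Test-Path -LiteralPath $dropDir) {
    $count = @(Get-ChildItem -LiteralPath $dropDir -Force |
               Where-Object { -not $_.PSIsContainer }).Count
    $findings += "download directory present: $dropDir ($count files)"
}

# 3. The 'srosa' service. Check the registry key as well as the service
#    control manager: a hidden driver may be missing from one but not the other.
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$service"
if (Test-Path -LiteralPath $svcKey) {
    $start = (Get-ItemProperty -LiteralPath $svcKey).Start
    $findings += "service key present: $svcKey (Start=$start; 4 means disabled)"
}
if (Get-Service -Name $service -ErrorAction SilentlyContinue) {
    $findings += "service '$service' is visible to the service control manager"
}

# 4. Autostart values removed by RegKeyParamDel in the last script.
if (Test-Path -LiteralPath $runKey) {
    $run = Get-ItemProperty -LiteralPath $runKey
    foreach ($v in $runValues) {
        if ($run.PSObject.Properties.Name -contains $v) {
            $findings += "Run value present: $runKey\$v = $($run.$v)"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "None of the Bagle artifacts named in this thread were found."
} else {
    Write-Output "Artifacts still present:"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

A clean result from a live system is weaker than one taken from the Recovery Console or another boot environment: the SearchRootkit step in the scripts exists precisely because a loaded rootkit driver can hide its own files and service from normal file-system and SCM queries, so an empty report from this check should be confirmed with the logs the helpers ask for.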