Help, My pc has been infected by bagle virus. Upon removing the virus it comes back again. I am using Windows XP.
Help, My pc has been infected by bagle virus. Upon removing the virus it comes back again. I am using Windows XP.
Do a scan it with hijackthis: HijackThis - How to use HijackThis? What it dose?
Save the Log here on the forum and an expert will assist you.
I think you had not recently downloaded a crack software?
A crack or keygen is a key to enable illegal software. Many infections like Bagle are conveyed by the cracks.
Make a Kaspersky online scan:
Click on Start Online Scanner
Click now on I agree.
Validate the installation of an ActiveX or more if necessary.
Wait until the installation of updates.
Choose from the following analysis of the My Computer.
Backup and then glue the report generated in the final analysis.
NOTE: If you receive the message "The license Kaspersky On-line scanner is outdated", is in Add / Remove Programs and then uninstall On-Line Scanner, you reconnect to the site of Kaspersky to sound scan online.
This could be a new type of Bagle... you should send this file immediately to Norton team to analyze it.
To be able to access the infected file you first have to disable Norton's Antivirus.
Also, it is not enough to just sent the infected file to Norton support because the file is seen as infected and will not get through the antivirus protection of the email servers. You need to archive the file, then protect the archive with a password and only after that attach the archive and send it to be analyzed.
You should get an answer concerning the analysis in just some hours, maximum a day.
In case Norton with the latest updates now detects this virus with a version (that means that the virus will have a ".X " letter at the end of the name) then look for its removal tool on the site and run the tool having the Norton's Antivirus disabled.
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the process associated with the original worm file.
2. Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).
3. Delete the following folder and its contents:
%Documents and Settings%\Application Data\hidn
4. Delete the following parameters from the system registry.
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"drv_st_key" = "%Documents and Settings%\Application Data\hidn\hidn2.exe
5. Delete the following files:
%System%\re_file.exe
%WinDir%\elist.xpt
6. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
With great power comes great responsibility - Spiderman's Uncle
The Greatest Sig Ever
Bookmarks