Results 1 to 5 of 5

Thread: mbr infected by bagle 5

  1. #1
    Join Date
    Oct 2004

    mbr infected by bagle 5

    Help, My pc has been infected by bagle virus. Upon removing the virus it comes back again. I am using Windows XP.

  2. #2
    Join Date
    Jan 2006

    Re: mbr infected by bagle 5

    Do a scan it with hijackthis: HijackThis - How to use HijackThis? What it dose?

    Save the Log here on the forum and an expert will assist you.

  3. #3
    Join Date
    Jan 2006

    Re: mbr infected by bagle 5

    I think you had not recently downloaded a crack software?

    A crack or keygen is a key to enable illegal software. Many infections like Bagle are conveyed by the cracks.

    Make a Kaspersky online scan:

    Click on Start Online Scanner
    Click now on I agree.
    Validate the installation of an ActiveX or more if necessary.
    Wait until the installation of updates.
    Choose from the following analysis of the My Computer.
    Backup and then glue the report generated in the final analysis.

    NOTE: If you receive the message "The license Kaspersky On-line scanner is outdated", is in Add / Remove Programs and then uninstall On-Line Scanner, you reconnect to the site of Kaspersky to sound scan online.

  4. #4
    Join Date
    Jan 2006

    Re: mbr infected by bagle 5

    This could be a new type of Bagle... you should send this file immediately to Norton team to analyze it.

    To be able to access the infected file you first have to disable Norton's Antivirus.
    Also, it is not enough to just sent the infected file to Norton support because the file is seen as infected and will not get through the antivirus protection of the email servers. You need to archive the file, then protect the archive with a password and only after that attach the archive and send it to be analyzed.
    You should get an answer concerning the analysis in just some hours, maximum a day.

    In case Norton with the latest updates now detects this virus with a version (that means that the virus will have a ".X " letter at the end of the name) then look for its removal tool on the site and run the tool having the Norton's Antivirus disabled.

  5. #5
    Join Date
    Jan 2006

    Re: mbr infected by bagle 5

    Removal instructions
    If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

    1. Use Task Manager to terminate the process associated with the original worm file.

    2. Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).

    3. Delete the following folder and its contents:
    %Documents and Settings%\Application Data\hidn

    4. Delete the following parameters from the system registry.
    "drv_st_key" = "%Documents and Settings%\Application Data\hidn\hidn2.exe

    5. Delete the following files:

    6. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
    With great power comes great responsibility - Spiderman's Uncle

    The Greatest Sig Ever

Similar Threads

  1. How to delete Win32/Bagle.HE worm?
    By Harper 21 in forum Networking & Security
    Replies: 5
    Last Post: 30-12-2009, 09:01 AM
  2. Win32.Bagle.FO@mm is slowing down my pc.
    By WILTON in forum Networking & Security
    Replies: 5
    Last Post: 25-12-2009, 04:04 AM
  3. How to delete Win32.Bagle.{J-K}@mm?
    By RICO12 in forum Networking & Security
    Replies: 5
    Last Post: 22-12-2009, 03:19 AM
  4. Win32/Bagle.AY infected Compaq Presario 610FD VH452PA laptop
    By Ivann in forum Networking & Security
    Replies: 3
    Last Post: 08-12-2009, 05:06 AM
  5. removing Win32/Bagle.gen!C
    By HELLIAN in forum Networking & Security
    Replies: 3
    Last Post: 07-07-2009, 07:38 PM

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Page generated in 1,713,090,818.11652 seconds with 17 queries