Tuesday, August 21, 2007

Wedding Bouquet Sample

Eradication of worms and Bagle variants

This worm is particularly difficult to eradicate, given the number of possible variants.

The exact names are:
troj bagle.acz
troj bagle.adb
bagle.je
worm bagle.acy
bagle.LP
Bagle.ic, Bagle.ie, Bagle.id (Kaspersky names).

First, download ---> Multi Virus Cleaner
It is able to eradicate some Bagle variants.
Installation poses no difficulty: it is an .exe.
Double-click it and set the analysis to "Careful".
And disable your anti-virus!

Well, the classic disinfection tool is this one:
download ----> ELIBAGLA from the bottom of this page
http://www.zonavirus.com/datos/desca...5/elibagla.asp
(click on the button "Descargar (download) Elibagla") and save it on your desktop.
Once it is on the desktop, launch ELIBAGLA. It works better in safe mode.
But sometimes the machine can no longer be started in Safe Mode ...
(so I have put some information about that at the end of this page)
(w32.beagle.kf/Trojan.Tooso.R) prevents rebooting in safe mode!

Otherwise, run it in normal mode.
Wait until the scan has finished.
Then retrieve the contents of the file "infoSat.txt" located at -> My Computer / Drive C:\
Copy/paste the content on the forum.
-----------------------------------------------------
If it goes wrong ... try the manual mode. (Copy/paste the text below and save it as: remove.txt)
-----------------------------------------------------
Drivers to unload:
m_hook

Registry keys to delete:
HKLM\System\CurrentControlSet\Services\m_hook

Files to delete:
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\Documents and Settings\%USERNAME%\Application Data\Hidir\hidr.exe
C:\Documents and Settings\%USERNAME%\Application Data\Hidir\m_hook.sys

Folders to delete:
C:\Documents and Settings\%USERNAME%\Application Data\Hidir
C:\WINDOWS\exefld
-----------------------------------------------------
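
Copy/paste from a web page can leave stray spaces or doubled backslashes in the paths, and an entry damaged that way no longer names the file it is meant to delete. The Python sketch below is an added example, not part of the original post or of the Avenger tool: it parses a remove.txt laid out with the four section headers shown above and flags such entries. The function names and the sample strings are constructed for illustration.

```python
import re

# Section headers as they appear in the remove.txt shown on this page.
SECTIONS = ("drivers to unload", "registry keys to delete",
            "files to delete", "folders to delete")

def parse_script(text):
    """Group the entries of a removal script under their section header."""
    parsed, current = {name: [] for name in SECTIONS}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= set("- "):
            continue  # skip blank lines and dashed separators
        header = line.rstrip(":").strip().lower()
        if header in parsed:
            current = header
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            parsed[current].append(line)
    return parsed

def lint_entry(entry):
    """Return the copy/paste problems that would make an entry miss its target."""
    problems = []
    if re.search(r"\s\\|\\\s|:\s", entry):
        problems.append("whitespace next to a path separator")
    if "\\\\" in entry:
        problems.append("doubled backslash")
    if re.search(r"%\s+\w|\w\s+%", entry):
        problems.append("whitespace inside a %VARIABLE%")
    return problems

def lint_script(text):
    """Map each problematic entry to its list of problems."""
    return {entry: found
            for entries in parse_script(text).values()
            for entry in entries
            if (found := lint_entry(entry))}

# Constructed samples built from entries listed on this page.
CLEAN = "\n".join(["Drivers to unload:", "m_hook", "Registry keys to delete:",
                   r"HKLM\System\CurrentControlSet\Services\m_hook",
                   "Files to delete:", r"C:\WINDOWS\system32\wintems.exe",
                   "Folders to delete:", r"C:\WINDOWS\exefld"])
GARBLED = CLEAN.replace("\\", " \\\\ ").replace("C:", "C: ")

if __name__ == "__main__":
    for entry, found in lint_script(GARBLED).items():
        print(f"{entry!r}: {', '.join(found)}")
```
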
Then download this:
Avenger by Swandog46
Unzip it to the desktop -----> avenger.exe

Double-click it. On opening
-----> this alert appears.

Here, tick (image):
"Load script filename here or click Open Script button at right."
(Read a script from a file.)
Click on the little folder to open the file and select "remove.txt"
(saved beforehand with Notepad.exe).

Then a warning appears;
click on the green light.

Click "Yes".
The machine will reboot and the script will run.
Well, then do this:
A cleaning helper:

Unzip the tool and run option 1.

Post the report.

If there is a problem with safe mode:
-----------------------------------------------------
Directly download a "reg" file to restore the Safe Mode settings; once it is on the desktop, double-click it.
Download for SP1 here
Download for SP2 here