Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Worm Bagel. FT


  • Please log in to reply
6 replies to this topic

#1 lsj0302

lsj0302

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 22 September 2005 - 06:53 AM

Hello,

I am using windows XP and AVG anti virus. It has detected worm/bagel.FT.

How do I get rid of this ?

Thank you for your help.

BC AdBot (Login to Remove)

 


#2 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 AM

Posted 22 September 2005 - 08:49 AM

If AVG can't get rid of it try one of the following.

If you think you are infected submit a hijackthis log here.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com

or

DrWeb CureIT

If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido

I'd also run Spybot and Adaware

If your using Win2K/XP run adaware/spybot from "safe mode with command prompt"

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

#3 lsj0302

lsj0302
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 22 September 2005 - 11:21 AM

Thank you for your reply. A couple of questions before I get started:

If I am using XP and there are different users, do I need to run Sysclean, Spybot and Adaware (all from the Safe Mode I assume?) for EACH of the users or can I do it once under my screen name only.

As far as the order of the procedures, do I:

Go to Safe Mode, run Sysclean, Spybot, Adaware....

then, while I am in safe mode also, do I download and run A2 and Ewido.

Do the same for each user or as I asked above, run it for every user?


Do I run Hijack This and submit the log last?

Thank you for your patience.

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:38 AM

Posted 22 September 2005 - 12:32 PM

Download, install, and update the programs.
Go into Safe Mode and run the scans from the Admin account.
Scan all files.
If your still having problems, read How to submit a hijackthis log.
Then run HijackThis and post a log in the appropriate forum.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 AM

Posted 23 September 2005 - 11:22 AM

while I am in safe mode also, do I download and run A2 and Ewido.

Well, you can only connect to the interent to download if you're running XP Pro on DSL, I believe. There may be other specific OS's/setups that can accomplish this, but it makes sense to do all your downloading before going into safe mode. It is always better to run the apps after they have been installed and updated in safe mode tho.

If I am using XP and there are different users, do I need to run Sysclean, Spybot and Adaware (all from the Safe Mode I assume?) for EACH of the users or can I do it once under my screen name only.

Each logon (user) has its own settings which is what commonly gets hijacked. I'm not sure about AVG, but most antiviruses will scan and clean all logons. However, it's very common that they won't clean everything. HijackThis is used in that case, and yes it should be used last. And it is specific to each logon. In other words, user Charlie may be infected while user Sue may not be. Adaware & ewido I believe does detect and clean globally--I'm not sure about Spybot and A2. I would suggest running at least one of these scans while logged into each account.

If one user accountstill exhibits bad behaviour after all the autocleaners have been used, I suggest you submit a HijackThis log while logged into that account. Be sure to scan to make the log in normal mode so we can see all the running processes. Then when you post your log, let the helper who takes on your case know that you have other user accounts that may also be infected. But it is better to take on one log at a time.

The thing about people

is they change

when they walk away.--Mipso


#6 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:38 AM

Posted 23 September 2005 - 08:42 PM

lsj0302,

I moved your HJT log to the appropriate forum.
Here's the link:
lsj0302's HJT log

NOTE:
Please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might think someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#7 lsj0302

lsj0302
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 23 September 2005 - 08:48 PM

Thanks. I thought about posting it there initially but didn't want you to think I had just gone to cyberspace indefinitely.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users