I-Worm/Bagle.J


Guest

Recently I was downloading the free version of AVG anti virus software. During the download I ironically was infected with the worm I-Worm/Bagle.J. I was then unable to get to my desktop without getting a blue error screen and having to turn off the computer. I used system restore from safe mode, and restored to a previous point from the download. I then managed to get rid of most of the virus with the new software except for an infected file "system 32" (or something like this) which was unable to be treated by the antivirus. I was then able to go to my regular desktop. However an error message kept telling me file system32 or something similar was still infected. I used task manager under the processes tab to end the "system 32" process. Now I get the error message saying system32 cannot load up when I first log in to the desktop. And I still receive an error message saying that I-Worm/Bagle.J is present in a something "restore".

Any help to finally clear this up would be muchly appreciated.
 

Kaylene aka Taurarian

You need to turn off System Restore, reboot and turn it back on again.

How antivirus software and System Restore work together
http://support.microsoft.com/default.aspx?scid=kb;en-us;831829

Right click [My Computer] [Properties] then click on System Restore tab.
Put a check in the box for Disable Restore on all drives.
Click apply, then Reboot your PC.
After the system reboots, navigate to the System Restore tab and turn it back on. Click apply.
Once System Restore has been turned back on, the computer needs to be rebooted again so that System Restore can create a new point (although a manual point can be created, by navigating to [System Tools] [Restore...] and choose [Create a Restore Point] and then providing a name for the new restore point).
If you decide not to do the 2nd reboot this will result in the next Point being created 'within the next 24 hours'.
Check your System Restore to see if the new restore point has been created.




stirlo said:
Recently I was downloading the free version of AVG anti virus software.
During the download I ironically was infected with the worm I-Worm/Bagle.J. I was
then unable to get to my desktop without getting a blue error screen and having
to turn off the computer. I used system restore from safe mode, and restored
to a previous point from the download. I then managed to get rid of most of the
virus with the new software except for an infected file "system 32" (or
something like this) which was unable to be treated by the antivirus. I was
then able to go to my regular desktop. However an error message kept telling me
file system32 or something similar was still infected. I used task manager
under the processes tab to end the "system 32" process. Now I get the error
message saying system32 cannot load up when I first log in to the desktop. And
I still receive an error message saying that I-Worm/Bagle.J is present in a
something "restore".
 

Guest

Hi
I have a Bagle virus. The site link is great but how do I determine which
flavor of Bagle virus I have so I can choose the right tool from this site?
comput neophyte
 

David H. Lipman

From: "comput neophyte" <[email protected]>

| Hi
| I have a Bagle virus. The site link is great but how do I determine which
| flavor of Bagle virus I have so I can choose the right tool from this site?
| comput neophyte
|
| "r" wrote:
|


There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 

Juan

Use the same tool for any variant of the virus.

----------------------
comput neophyte said:
Hi
I have a Bagle virus. The site link is great but how do I determine which
flavor of Bagle virus I have so I can choose the right tool from this site?
comput neophyte

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]l.tool.html
 

Guest

Hi David,
I think I managed to remove the virus by deleting from the AVG vault and
doing a system disable reboot. At least it doesn't show up when I search for
it or run AVG.
Thanks,
comput neophyte
 

David H. Lipman

From: "comput neophyte" <[email protected]>

| Hi David,
| I think I managed to remove the virus by deleting from the AVG vault and
| doing a system disable reboot. At least it doesn't show up when I search for
| it or run AVG.
| Thanks,
| comput neophyte
|

I still suggest you run a scan such as McAfee from the Multi AV Scanning Tool just to
make sure. It may also find something that AVG may have missed.
 
