infected with w32.bagle

[Cyber-Mav]

don;t like this one bit, my server is infected with the w32.bagle virus, fat lot of use that symantec corporate av was. rang symantec and they being muppets. doubt thier scanner even supports scanning of this bagle virus. the virus even managed to disable symantec av

how can i sort this out? trying some free independant scanners at the mo.

 

[Dappy]

Here's a few links that may help:

http://vil.nai.com/vil/content/v_100965.htm

http://www.spywareremove.com/removeW32Baglegen.html

http://www.redsofts.com/soft/385/21936/W32Bagle_Worm_and_its_variants_removal.html

What OS is your server running?

Good Luck

 

[Cyber-Mav]

running windows server 2003.

contacted symantec again, they sent me 2 removal tools, but they are called w32.beagle, could be a different name given to the virus by symantec.

either way the virus has nuked my antivirus scanner. and whenever i reboot the server ads pop up. some kind of worm virus me believes.

nod32 doesnt want to install on the pc either, throws up a error code 106 about extracting from archive or something

update: symantecs first scanner tool didn;t find jack running the second one.

did a online scan at mcafee site and it clocked 2 instances of the w32.bagle.gen virus. didn;t remove it cuz i need to purchase the scanner.

 

[Ol!ver]

did a online scan at mcafee site and it clocked 2 instances of the w32.bagle.gen virus. didn;t remove it cuz i need to purchase the scanner.

They're not daft are they !

Any idea where the little bugger found it's way in?

 

[Cyber-Mav]

think cousin was using pc the other day to check some sites, must have clicked on something dodgey and got the pc mashed.

managed to remove whats left of symantec av. problem is can;t reinstall it, its got problems writing to a folder. i suspect the virus is blocking it.

need to find a free av which i can boot off a disk and do scanning with and fix the problem.

 

[Ol!ver]

think cousin was using pc the other day to check some sites, must have clicked on something dodgey and got the pc mashed.

managed to remove whats left of symantec av. problem is can;t reinstall it, its got problems writing to a folder. i suspect the virus is blocking it.

need to find a free av which i can boot off a disk and do scanning with and fix the problem.

Can't help you with that, but don't suppose you've got a recent backup you can bang on? Not sure it's the best idea, bit if push comes to shove you could stick the drive in another machine and clean it from there.

 

[Cyber-Mav]

Can't help you with that, but don't suppose you've got a recent backup you can bang on? Not sure it's the best idea, bit if push comes to shove you could stick the drive in another machine and clean it from there.

looks like thats the best idea, stick the drive in my external usb caddy and get another pc to do the scanning.

gonna see if there is anything else around here than can help out. looking for other scanners.

 

[Ol!ver]

looks like thats the best idea, stick the drive in my external usb caddy and get another pc to do the scanning.

gonna see if there is anything else around here than can help out. looking for other scanners.

Cool, just hope it doesn't find its *** off one HDD onto another

Good luck, don't stop up all night trying to sort it ! I always get shouted at for doing that

 

[Cyber-Mav]

right, i think i managed to remove the virus, its not starting anymore during boot up, but another program i tried to install which failed is now causing problems, PREVX a spyware removal program failed its install and is now causing problems on boot up.

need to do manul registry mastering again me thinks.

also need to install virus scanner back onto this machine.

 

[d.chatten]

Why don't you try the avast! virus removal tool here > avast! Virus Cleaner - free virus removal tool, run it in safe mode.

Hope this helps!

 

[Cyber-Mav]

right, cleared up the services at start, had to manually go through the registry and sort it. can now install antivirus, symantec installer is working and also nod32 installer is working now.

question is which av is best for windows server 2003? need something proper robust and solid to use. symantec has served me well for the last few years. is nod32 better at scanning?

speed is not essential, clampage power is whats required

 

[d.chatten]

Most people say that nod32 is the best, i use avast and i haven't been infected since i started using it two years ago.

 

[Cyber-Mav]

iv installed nod32, seems to be working fine, has a lot more advanced setup info than symantec which looks good on a server

dunno how good its scanning capabilities are but all i can say is that its speed is very good, deffo faster than symantec corporate av and seems to use only 20mb of ram too. also noticed that only 1 process runs for nod32 where a few run for symantec. interesting.

 

[stoofa]

don;t like this one bit, my server is infected with the w32.bagle virus, fat lot of use that symantec corporate av was. rang symantec and they being muppets. doubt thier scanner even supports scanning of this bagle virus. the virus even managed to disable symantec av

how can i sort this out? trying some free independant scanners at the mo.

Symantec Corporate edition has protected you from all varients of W32.Bagle as and when they have been discovered.
In fact the time between when the very first instances of this virus (one of the most wild ones at the moment) was first found and Symantec having definitions that detected it was approx. 2hrs.

How do I know?
Because we exclusively use SAV on our 100+ Workstations and 20+ servers.
In fact running SAV in such a way has resulted in not one single machine (workstation or Server) having a virus infection in the past 4 years at work - a pretty impressive record considering the amount of laptop, pendrive, etc users we have.

I'd love to know how your machine running a correctly configured version of SAV managed to get infected - I'm sure Symantec would love to know too.

 

[Cyber-Mav]

yea, im shocked how this happend too, but im quite sure no-one fiddled with this server, iv got symantec av corp v10 installed on all my machines at office and home and we use it for all out clients too.

this is the 4rd recorded incident though that iv had viruses slip past the scanner and end up disabling the scanner resulting in lots of manual faffing around to sort stuff out.

but on all 4 times this has happened, happened on 4 different machines, 3 on the same network, iv noticed a trend that the virus scanner is the first thing that gets the shaft, after that as soon as you turn the machine on and get to desktop you get popups from no where.

im evaluating nod32 now though to see how it is, then come our symantec renewal date will see if there are other alternatives available.

so far with nod32 iv mainly noticed the speed of the scanner is quick, very quick infact. also the memory footprint is small too (~20mb) which is another bonus. also its unified process structure is very good, only 1 process running for the entire scanner and all its components.
as for reliability will have to test it further.

symantec is brilliant thanks to its remote administration capabilities not sure if nod32 has similar features for network deployment so will have to test all that out in a private lan setup.

if i do decide to switch away from symantec its gonna be a mission updating 482 machines to the new scanner

 

[bledd]

two processes run for nod32

symantec is 'fine' until you actually get a problem

 

[Cyber-Mav]

two processes run for nod32

symantec is 'fine' until you actually get a problem

yes i noticed 2 processes run for nod.

thats the thing iv seen now with symantec, it does seem to be fine until a virus usually a worm comes alone and then shafts the machine.
nod32 atleast shows in a window that its scanning all internet traffic as it comes in. symantec im guessing is just scanning files which are being run which is a bit lame.

will deffo switch over to nod32 at work now. gonna be a mission in itself to make the change but i guess its worth it.