bagle, downloader-FL, and others

Discussion in 'adware, spyware & hijack cleaning' started by jyodis, Jun 23, 2004.

Thread Status:
Not open for further replies.
  1. jyodis

    jyodis Registered Member

    Joined:
    May 8, 2004
    Posts:
    12
    Computer: an older Dell notebook

    Ad-Aware: ran a few times. It gets all the way through, but finds things that it can't quarantine or delete. These things are:

    C:\_Restore\Temp\A0161247.CPY
    C:\_Restore\Temp\A0161249.CPY
    C:\_Restore\Temp\A0161257.CPY
    C:\_Restore\Temp\A0161261.CPY

    ... called Downloader-DH.b, BrowseEut, Downloader-FL, Downloader-FL, respectively

    Then a whole BUNCH of W32/Bagle.j@MM things. I mean a couple hundred. All of the address were as follows:

    C:\_Restore\Temp\A01612151.CPY,
    C:\_Restore\Temp\A01612154.CPY,
    C:\_Restore\Temp\A01612157.CPY, etc
    etc, etc, adding 3 to the number each time
    ...
    ...
    C:\_Restore\Temp\A01612457.CPY

    All of these were called W32/Bagle.j@MM, and there is a few hundred of them.
    Can't get them cleared out with Ad-Aware.

    HijackThis will not download on my computer because I cannot download anything.

    What's the plan of attack?
    Thanks!
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi jyodis,

    AdAware is an anti-spyware program, not an antivirus although it can detect some files, but that's a bonus and not what it was made for. If all the infected files start with the C:\_Restore, then they are in your System Restore.

    Since you haven't mentioned what your operating system is, I'll give you the link to read how to turn off your System Restore and clear the infected files out of it for a WinME computer, since I believe this is what you have:

    WinME System Restore Instructions.

    Just in case, I'll give you the link for an XP also:
    XP System Restore Instructions.

    Before you turn your System Restore back on, do a follow-up with an on-line virus scan to be sure nothing is left behind that might still be infected: Free Services

    Then follow ALL steps and instructions here to post a hijackthis log (in this thread) so we can check it: HOW TO? Read here about how to post your log!!.

    Regards,

    snap
     
Thread Status:
Not open for further replies.