Question about Themida Winlicense XBundler + Virus Rootkit W32.Bagle Infections Hello, Recently my system was infected with W32.Bagle and I'm still not sure if it's removed from my system. I have the following question about how exactly infections with Themida work: Do Themida powered infections, such as W32.Bagle keep installing themselves in other files with Themida's technology if I execute the infected file? Or does the first infected file stays as the master source and just corrupts other files. This assumes the following as true, as seen in the https://www.wilderssecurity.com/showthread.php?t=184840 topic. Themida infections in .exe 's cannot be detected- Quote from the forum post: "All of malware packed with Themida bypass AV engines, because of the compression and encryption Themida uses. " Antivirus and antirootkit software detects W32.Bagle only after it is deployed from the carrying agents software, ie. Eset cannot detect W32.Bagle inside the Firefox.exe however once I click Firefox.exe W32.Bagle is deployed and thus Eset can detect it however it might be too late (Note: It seems to me, and correct me if I'm wrong: not only does Temida corporation has a "it's not our fault" approach in this, but they are also trying to prevent Antivirus applications from flagging Themida packed files, which is basically the only way to detect Themida viruses! ) So the question in effects serves as the following: If Eset cannot detect W32.Bagle in the initial .exe I downloaded. And if once deployed W32.Bagle infects itself into other undetectable .exe files, ie. Word.exe And these files are not detectable as themselves. And each time I run them they use Themida's technology to infect the W32.Bagle or whichever root kit into other EXE's ... This might mean that I'd rather remove / reinstall the operating system completely.