A little Bagle problem (invisible for avast?) - Now solved!

Hi, I have a problem because Bagle has come into my system.

I know the instructions to delete this virus, but I don’t know why avast doesn’t detect it.

I have sent the file “ldr64.dll” (one of the virus files on my system) to the online service “VirusTotal” and almost all the other antiviruses detect it as “Bagle.ah” or other names.

I have the latest version of the avast antivirus (4.6.673, VPS: 0610-1/8th March).
I am waiting for an update.

Thank you.

As you have found, other viruses call it different names; avast should see this as beagle.ag, not bagle.ah.

However, if it has missed it and you are not getting a virus warning for what you believe is a new, undetected virus, then you can zip and password protect (‘virus’ will do) the suspect file and send it to virus @ avast.com (no spaces), or send it from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Hi Pantuflo and DavidR,

Consider this. There are a lot of variations on the same theme, and this could slightly differ from the mainstream of Bagles. Hope we are protected against it. Good chance it is this one:
http://www.frsirt.com/english/virus/2006/01441

polonus

Well, based on Pantuflo’s comments, I’m not so sure this is the same variant as the one in your link (his was reported as ‘Bagle.ah’), or if we are protected from the new variant. In any case, if it is this new variant, sending it to avast is still advisable.

Hi, I have a problem because Bagle has come into my system.

I know the instructions to delete this virus, but I don’t know why avast doesn’t detect it.

This new variant’s distribution is still by email attachment, and exercising safe hex and not opening email attachments of unknown origin (without being fully investigated) is a clear first option.

Thank you for your replies.

I have already sent the file “ldr64.dll” to avast.

Today avast has downloaded the new VPS, but it still does not recognize this file. It seems that the virus has disappeared from my computer, as I followed the instructions to delete that file and some keys in the registry that seem to be common to all the Bagle viruses (I saved the file into the chest).

This virus closed every “Internet Explorer” window I opened, and also generated a fatal error in Firefox. Also, judging by the firewall logs, it connected to several URLs, like “bennylife”, “binhaigolf” or others (as I have read about this virus, it tries to download something).

I’m very concerned with online security and I don’t know how this Bagle came into my system, as I never open email attachments; I also use other security programs such as ad-aware, a good firewall and others.

You can look at the results of my VirusTotal test in the attachment (69,1KB).


http://img53.imageshack.us/img53/4009/resultadodevirustotalparabagle.th.png

(I think I can post these results; if not, I will delete them as soon as I can, or please do it for me).

Today, the VPS has been updated and now “my” virus has been recognized as Win32:Beagle-IY [Wrm].

I won’t take this one-week delay into account… (infected one week ago).