bagle

Hi,

This is my 1st post.

About 10 days ago my computer was infected with “bagle”, but avast did not detect it.

To make the story short, I finally got rid of “bagle” with much difficulty.

My question is, how come avast did not detect “bagle” ? How to ensure I don’t go thru the same problem ?

2ndly , how can I check to be sure that avast is scanning & monitoring my outlook express.

Thanks a bunch. Sorry if this is a repeated question

Steve :slight_smile:

How did you detect the bagle? Maybe because avast! never had the bagle yet in the virus database. If you ever encounter a virus that avast! never detected yet you can send the virus in a zip-compressed folder to virus@avast.com.

It was detected with “a squared”. Removed 9 items & then my screen went blank. Someone from another forum suspected something & helped me to fix that.

So the bagle virus is not there anymore but I’m really curious how that can happen?

Hi Fixer,

There is a disinfector for it at: http://www.sophos.com/support/cleaners/baglegui.com

  • open BAGLEGUI
  • run it
  • click GO

If you have more computers to disinfect better run it from a floppy disk.

That’s all folks,

polonus

There have been new versions/variants of bagle doing the rounds, but I believe it is still a mass mailing worm.

A very large proportion of all the viruses/worms are still received and activated by email (attachment).

Don’t go opening email attachments from unknown recipients and even then if they are not expected or differ from the usual pattern of email from that sender. This will stop the possibility of being hit by new variants not detected by AV programs.

do some AV firms refer to bagle, as beagle?

Yes, it would appear so. There is no standardisation or convention on virus naming so it is a little confusing at times, but in this case I believe avast uses beagle as there are 148 detected variants of Beagle on the avast virus database. There have been two new variants of Beagle (bagel) added to today’s VPS update, Win32:Beagle-CC [Wrm], Win32:Beagle-CC2 [Wrm]. http://www.avast.com/eng/vps_history.html

I notice that three are VBS (script) variant/versions so it could be possible to get infected via the web also and not just by email attachment.

Hi DavidR,

There is a new Bagle variant out. See:
http://www.sophos.com/virusinfo/analyses/trojbagledlr.html

polonus

So, if avast is updated with bagle , how come it missed it ?

Shud I have another anti virus together with avast?

I want to be really protected. Don’t wanna get hit again !!

Thanks for your advice

Steve :slight_smile:

  1. Simple, with a fast mutating/variant/changing virus AV companies will always be fighting a defensive action and it is possible that something undetected today could well be detected tomorrow.

  2. The general answer is No you shouldn’t have two resident scanners (on-access) as these are likely to cause conflict.

  3. There are some AVs that are on-demand only (you activate a scan), I think BitDefender is just one, this could be used as a backup AV. You can also use some of the on-line scanners again as a backup/confirmation.

RejZoR’s Website - Security Ops
On-line Virus Scanners and other useful Links Security-Ops.eu.tt

Thanks to all for the answers.

But I still have one question not answered from my 1st post:-

“2ndly , how can I check to be sure that avast is scanning & monitoring my outlook express.”

Thanks

:slight_smile:

Well avast! has a shield for Outlook Express, you have to start Outlook Express in order to start the shield. :slight_smile:

When your email is being scanned:

  1. The Scanned count will increase in the Internet Mail provider’s Detailed View, check it.
  2. Another icon will appear in the system tray and the avast icon will spin.
  3. Check the email headers; you should see something like this:
    X-Antivirus: avast! (VPS 0525-4, 24/06/2005), Inbound message
    X-Antivirus-Status: Clean
  4. Tick the Insert note into clean message box for the relevant type (pop3, smtp, imap, nntp, etc.).

I think that should be enough to keep you going.
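The header check from step 3, as an added example that is not part of the original post or of avast!: it parses a saved message, confirms the `X-Antivirus` stamp is present, and compares the VPS date with the message date to spot stale definitions. The sample message, the function name `check_scan_stamp`, the 7-day threshold and the assumed header layout (taken from the two lines quoted above) are all constructed for illustration.

```python
import re
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample; the two X-Antivirus lines use the format quoted in the post.
SAMPLE = (
    "From: sender@example.com\n"
    "To: steve@example.com\n"
    "Subject: constructed test message\n"
    "Date: Fri, 24 Jun 2005 10:15:00 +0000\n"
    "X-Antivirus: avast! (VPS 0525-4, 24/06/2005), Inbound message\n"
    "X-Antivirus-Status: Clean\n"
    "\n"
    "body\n"
)

# Assumed layout: "avast! (VPS <version>, <dd/mm/yyyy>), <direction> message"
STAMP = re.compile(r"avast! \(VPS ([\w-]+), (\d{2}/\d{2}/\d{4})\), (\w+) message")

def check_scan_stamp(raw, max_vps_age_days=7):
    """Report whether a message carries the scanner's stamp and how old the VPS was."""
    msg = message_from_string(raw)
    out = {"scanned": False, "status": None, "vps": None,
           "vps_age_days": None, "warnings": []}
    stamps = msg.get_all("X-Antivirus") or []
    if not stamps:
        out["warnings"].append("no X-Antivirus header: scanning off or note option not ticked")
        return out
    if len(stamps) > 1:
        out["warnings"].append("several X-Antivirus headers: one may come from the sender")
    match = STAMP.search(stamps[0])
    if not match:
        out["warnings"].append("X-Antivirus header not in the expected format")
        return out
    out["vps"], vps_date, direction = match.groups()
    out["scanned"] = direction == "Inbound"
    out["status"] = msg.get("X-Antivirus-Status")
    if out["status"] != "Clean":
        out["warnings"].append("status is not 'Clean'")
    # Compare the virus-database date with the message date to spot stale definitions.
    if msg.get("Date"):
        sent = parsedate_to_datetime(msg["Date"]).date()
        vps_day = datetime.strptime(vps_date, "%d/%m/%Y").date()
        out["vps_age_days"] = (sent - vps_day).days
        if out["vps_age_days"] > max_vps_age_days:
            out["warnings"].append("virus database was out of date at scan time")
    return out

if __name__ == "__main__":
    print(check_scan_stamp(SAMPLE))
```

A stamp only shows that something wrote the header, so a second `X-Antivirus` line or a large VPS age is worth a closer look rather than proof of a clean message.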

Hi forum members,

New fresh bagles spammed. There was a virus research alarm over a new variety (some 15) of Bagle worm that tries to hijack machines for use in botnets. The weekend spam run attempts to trick users (social engineering still works) into downloading an executable file identified as Bagle.BQ or Mitglieder.CN. Mitglieder.CN has a main dropper and a .dll that injects into Explorer.exe processes. Upon execution (or spawning as FreewheelinFrank calls this ominous process) two start up keys are created as well as a start-up key for a file in Windows. It disables AV and security software and opens a backdoor for remote access, and other malware. The spreading was not done by a group, what helped creators was that last year the Bagle source code was on the net.

greets,

polonus

I’ve done that , now I’m certain my e-mails are scanned. Thanks

Ever since I’ve got bagles, I’ve been reading a lot. There are 2 suggestions to download avast add-ons, please let me know if it is necessary ,

  1. avast virus cleaner

http://www.avast.com/eng/avast_cleaner.html

  2. avast! External Control 1.6.166

Hope to receive your reply.

Thanks

:slight_smile:

Yes I would download both.

  1. The avast_cleaner only cleans a limited number of true viruses/worms, it is not a general virus removal tool, etc.

  2. AEC is not made by avast! but by one of the forum Members and avast! user RejZoR, his program gives a GUI style interface to change many things in avast! that either require manual editing of the avast4.ini file or change settings that are deep in the avast interface. A very useful tool.

Thanks a lot

:slight_smile: