W32/Bagle.RP.worm Please help

IT looks like that I got this virus.
As result it kill my Avast home edition installation.
For the moment I’m not able to start Avast at all.
I tried to reinstall it, but unfortunately it not help.
Please advice!!!

Try one of the online scanners:

Trend Micro Housecall
Dr. Web CureIt (On-Demand only)
Kaspersky Online Scanner

Let me know if these don’t work. Tech Support Forum may have suggested ComboFix or OTMoveIt.

I tried Panda online scaner and it return me the name of virus that you can find in topic subject.
W32/Bagle.RP.worm
Then I started Kaspersky Online Scaner and it return me

Trojan-Downloader.Win32.Bagle.aeq

Also my computer is show “blue screen” when I try to start it in Safe mode

Please advice!!!

Try this online scanner: F-Secure

F-Secure is not workign.
It writes me that virus database is corrupted and then ask to restart it agian.
I tried several time but. :frowning:
Almost all anivirus is not working on my computer.
Looks like I will need to completely reinstall windows :frowning:

Hi const,

Okay, I can see why some of your security softwares and scanners were disabled - you picked up the Bagle worm; it does that. You are quite badly infected otherwise. And at the moment you cannot enter Safe Mode because some registry entries have been altered - we will fix that later.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
    A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop,

polonus

Dear Polonius,

Thank you for your help, but unfortunately I’m not able to start ComboFix.exe
When I try to start it from explorer window it hang and not responding.
Is it any ways to remove this virus manually?

OK! When I not download&save ComboFix.exe but just run it it starts.
And then it shows me Message

You cannot rename ComboFix as
Please use another name, preferabaly made up of alphanumeric characters

This message shown by NirCmd.cfexe process from
C:\32788R22FWJFW folder

When you are about to
download it, and you are asked where to save it,rename the file to Combo-Fix,then download it

If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

http://www.geekstogo.com/forum/not-valid-win32-application-t187455.html&p=1163905#entry1163905

Dear Polonius and micky77!
Thank you very much for help! I already found that program need to be renamed and then it run fine
Attached report.

What else I need to for reparing my computer?
Fix some regestry entries to boot in Safe mode?

Const

If you cannot get into safe mode (but try it first )

Download the safeboot.reg file to your desktop from my site right click and select merge. Then retry safe mode

http://cid-32d8666f4048075b.skydrive.live.com/self.aspx/Malware%20files/SafeBoot-for-Windows-XP-SP2.reg?lc=2057

Hi const,

After you followed essexboys’ advice, you could download MBAM, update it, and do a scan.
MBAM download site http://www.besttechie.net/tools/mbam-setup.exe

polonus

Hi Polonus!

Thank you very much for your help!!!