Hi there,

My PC is running strange for a couple of days now so I ran the virus-scan of Avast. It has found a “Win32:Beagle-CR [Wrm]” but it can’t seem to move or delete it. After some searching where it would be located I found out that it’s in: “C:\Documents and Settings\Martin v******\Local Settings\Application Data\Microsoft\Outlook”.

I know a fair bit of computers after finding out bits and pieces so once in a while but what do I do here? None of the other programms I’ve found on the internet seem to be able to get rid of it. And if I delete the infected files completely, Outlook won’t start anymore.

Please don’t get too complecated whilst explaining because I’m not really an expert like most of the people here.

Oh, the files that appear to be infected are:

• archive.pst
• backup.pst
• outlook.pst
• outlook1.pst

Firstly I don’t use Outlook.

It looks like you have run a scan and it has found old emails in the Outlook email folders .pst file. The pst files are a collection of emails collected inside one file. avast may not be able to extract the infected email from within these pst files and if not the only option would be to delete the pst file not something you want. so you could lose the contents of the archive.pst, backup.pst, email folders etc.

What ever you do don’t touch these files, e.g. delete or move to chest, etc.

Unfortunately, you may have to literally manually check through each email in the pst folders you mentioned to try and find the infected email and then manually delete it within outlook and then delete the contents of the deleted items/emails folder. This may not be as bad as it seems as you would be looking for emails with attachments. Check this http://www.avast.com/eng/win32beagle.html as it indicates that the attachments are randomly named .exe files.

Open Outlook and search for emails containing weird files and delete them.

Hi Martin-vdB,

Technical info here: http://www.eset.com/msgs/baglecr.htm

Removal Procedure

In Windows 98/ Me:

1. click CTRL+ALT+DEL
2. select the bbeagle and then click Endtask
   3)go to [ c:\windows\system ] folder and delete the bbeagle.exe file.

To Remove the entries in Registry:

1. first click on START

2. select RUN and type Regedit

3. in the registry editor, in the left pane, go to HKEY_CURRENT_USER>Software>Microsoft>Windows>
   CurrentVersion>Run

4. In the Right pane, DELETE the following entry:
   d3dupdate.exe = “%System%\bbeagle.exe”

Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98 and ME

5. after deleting the main registry entry, delete the following entries too

HKEY_CURRENT_USER\Software\Windows98 “frun”
HKEY_CURRENT_USER\Software\Windows98 “uid”

6. if you have any AV program, then scan the system, so you can know if there are any files infected with this, just delete those files. Telling this because, may b there is a chance that if you find the virus there mans, there is a chance that it infect, so I told that way.

7. Restart your system.

In Windows NT/2000/XP:

1. click CTRL+SHIFT+ESC, and click the Processes tab.

2. In teh list select the file bbeagle and click on Endtask

3. Go to [ c:\winNT\system32 ] folder in WINNT, and [ c:\windows\system32 ] folder in Windows 2000 as well as WINXP and delete the bbeagle.exe file.

To Remove the entries in Registry:

1. first click on START

2. select RUN and type Regedit

3. in the registry editor, in the left pane, go to HKEY_CURRENT_USER>Software>Microsoft>Windows>
   CurrentVersion>Run

4. In the Right pane, DELETE the following entry:
   d3dupdate.exe = “%System%\bbeagle.exe”

Note: %System% is the Windows system folder, which is usually C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP.

5. if you have any AV program, then scan the system, so you can know if there are any files infected with this, just delete those files. Telling this because, may b there is a chance that if you find the virus there mans, there is a chance that it infect, so I told that way.

6. Restart your system.

polonus

I don’t think Martin-vdB has Beagle actually in his system other than old emails that avast has detected, otherwise avast should have decected it in his system folders, etc. but it won’t hurt to check.

Martin-vdB’s major concern is not to lose the .pst files.

Hi there,

Thanks for all the help. Unfortunately I haven’t managed to solve it through any of your tips. I don’t have any strange e-mail attachments and application manager doesn’t show beagle or bbeagle in the list.

Also I seem to have the file Taxes.exe mentioned together wit this Win32:Beagle-CR [Wrm] ???

I think I’ll call somebody who knows more about computers then I do as I’m getting a little nervous to edit files in the registry myself. It’s not as easy as I thought it could be.

But again, thank you for your help

No problem, welcome to the forums.

It won’t be as obvious as finding the word beagle, searching for email with .exe attachments that look suspect, come from an unknown source, etc. When you have a list in the search returns look at the subject lines, who they were supposedly from and try and arrive at the suspect ones. These you could delete or export/back them up in case you are frightened of losing a few legitimate emails.

Stuff like taxes.exe would make me suspicious if it weren’t from my accountant but even then this address can be faked.

As I said I doubt that this is in your system otherwise avast would have detected it, so you don’t need to edit the registry just check those locations to confirm there presence, if there we can assist further but I doubt you will need to edit the registry.

If you are going to get some help, perhaps you should bookmark this Topic and show it to your helper.