elle 0 Posted August 17, 2004 Bagle Worm and Netsky Virus For a few months now, I have been receiving e-mail like the following: [/b] mail from you ( ...........................) was stopped and Quarantined because it contains one or more viruses. Summary of email contents: Queue ID: C564946240 Attachment: Toy.hta forbidden attachment Found virus I-Worm.Bagle.zb]bold text Plus the Netsky virus has also been mentioned.[/b] My Norton Virus deletes everything, but when I send an e-mail to my niece's company, their firewall quarantines it. I have stopped sending mail to this address, but I am still receiving the above e-mails with different viruses mentioned, so it's obvious my address is being used by a robot. Yesterday I came across information that I could download an inf file, but I am unsure about deleting any other files. Would it be safe for me to download this inf file and use it? I'd appreciate any help for those who know what they're doing, thank you! Elle P.S. I'm a Senior! elle bold text Share this post Link to post
Sampson 0 Posted August 17, 2004 There are so many variants of this worm. So, to set your mind at ease, here is one way of going in yourself to locate any of its components: Kill these processes: bagle_modified.exe doc.exe eyaii.exe game.exe hcmhphpg.exe i-worm.bagle.gen_(91).exe i-worm.bagle.n.exe i-worm.bagle.p.exe i-worm.bagle.s.exe ketpjxsb.exe mwcsw32.exe mwremind.exe onde.exe programfilesdir+\norton antivirus\quarantine\5f0b3145.exe programfilesdir+\norton antivirus\quarantine\5f4f22f9.exe purev.exe rdou.exe systemroot+\bbeagle.exe tiridfhe_unpacked.exe you_are_dismissed.exe Remove these files: 0082d41c.com a64fdfc1.cpl anna.scr bagle.t_exploit.txt bagle_imports.txt bagle_modified.exe baglet_dumped.exe_ baglet_dumped.idb baglet_dumped_ascstrings.txt baglet_dumped_info.txt d2b4b531.cpl details.vbs doc.exe dump_bagle.t_imports.idc eyaii.exe game.exe hcmhphpg.exe info.scr ips.txt i-worm.bagle.gen_(91).exe i-worm.bagle.n.exe i-worm.bagle.p.exe i-worm.bagle.s.exe i-worm.bagle.z.com ketpjxsb.exe moreinfo.if mwcsw32.exe mwremind.exe onde.exe p2p.txt programfilesdir+\norton antivirus\quarantine\5f0b3145.exe programfilesdir+\norton antivirus\quarantine\5f4f22f9.exe purev.exe rdou.exe systemroot+\bbeagle.exe tiridfhe_unpacked.exe unpacked_.bin worm.yoursid you_are_dismissed.exe you_are_dismissed1.vbs Then, remove these directories: programfilesdir+\2wire\gateway\cl_mgr programfilesdir+\lexmarkx63\sprint Share this post Link to post
