Please help me regain control of my computer! For two days I've been battling a Bagle trojan which has taken control of my WinXP PC, deleted my antivirus and antispyware software and driven me nuts.
It has also locked me out of System Restore, won't allow me to update Windows and prevents me from booting in safe mode. Any help would be appreciated.
I've managed to arrive at the diagnosis of Bagle from two sources:
This is the action I've taken so far, with no effect:
1. Cannot start the system in safe mode.
System reboots every time after it displays the message: "please press and key to stop loading SPTD.sys"
2. Obtained a copy of Ultimate Bootdisc for Windows (UB4W) which allows me to boot up and contains a number of antivirus and antispyware tools, including: AVPersonal, Avast, McAfee Stinger, TrendMicro Sys clean. Some of these find and claim to have removed the virus but it's still there when I boot normally.
3. Followed the advice of the TrendMicro website Virus Encyclopedia and removed the REG key relating to m_hook (after booting with UB4W - the closest I can get to safe mode).
4. Deleted the exe and tmp files (and all their reg entries) created in:
C:\Documents and Settings\Tony M\Local Settings\Temp\
C:\Windows\exefld\
by using Agent Ransack (great program BTW).
They just keep reappearing every time I boot.
So no more blocking of installation of most of my antivirus or spyware programs. Great!
BUT: I still can't install Sophos Antivirus.
Something still has control of the PC and is creating ~DFXXXX.tmp files in my C:\Documents and Settings\*Me*\Local Settings\Temp folder, which I cannot delete from inside Windows. I assume this is a bad thing, right?
At the bottom of my signature is a link to HijackThis, Spybot and Ad-Aware. Please follow the directions and see if you can post a HijackThis log.
If you can't post a HijackThis log but can get it onto your computer, try right-clicking hijackthis.exe, selecting Rename, renaming it to foolyou.exe and pressing Enter, then see if you can post one now.
I'd actually managed to get rid of the bugger myself and done a Windows repair installation, and all seemed good. I turned on the PC the next day and the hard drive was unreadable by any app I could find - the MFT was missing.
I'd been getting messages while the system was infected telling me to run chkdsk (saying the C:\$Mft was corrupted), and I guess it just gave up the ghost the next day. Twice as frustrating, as I'd finally managed to clear the damn infection!
Anyway, I needed to get on the net so I reformatted the hard drive (lost everything! - no backups - a lesson to all) and reinstalled WinXP today (boohoo).
Next time I'll remember to backup on a regular basis ...