squart
2008-02-28, 19:04
Hi everybody,
my computer (Windows XP SP2) recently got infected by a virus that has blocked my antivirus and related programs (Spyware Doctor, Spybot SD and ZoneAlarm can no longer be launched). Unfortunately even HijackThis does not run. I was able to get a log from Rootkit Revealer.
It all started when I inadvertently opened an exe file received from a source which I trusted, but it was not that good….
Now I know from the Kaspersky online scan facility (http://www.kaspersky.com/scanforvirus) that unfortunately that file contained the Trojan-Downloader.Win32.Bagle.jf.
Symptoms, besides the inability to launch the main antivirus programs, are the following:
- Internet navigation does stall after a few web address changes.
- Online virus scans (e.g. those from pandascan, F-Secure, Symantec, and McAfee) do not start the job (things stall on that page for a minute or so and nothing else happens).
- Starting Windows in safe mode is prevented (it brings me back to the boot options, saying that an error occurred and that the only way to get through is to start Windows normally).
I also see in the Task Manager processes that a wintems.exe process (known as a related threat) is active and cannot be terminated. Another problem is that something prevents me from starting Windows in safe mode (only the normal start will get through).
Could anyone give me some help on how to clean up the infection?
I will appreciate your cooperation and I thank you in advance for support and directions.
Andrea Squartini