View Full Version : am I okay to fix these items?



mmmfreegoo
2008-07-17, 17:07
Hi guys,

Had a nightmare getting rid of an 'flec006.exe' virus which basically caused all antivirus solutions (Antivir, Spybot, Combifix) to not install and function.

Eventually solved it thanks to Prevx, and got my Antivir and Spybot running again.

Now that it works again, I ran Antivir through a couple of times, and quarantined a load of files, clearing up the infected files that Prevx missed, and now it doesn't find any viruses, so that's good.

However, I have now run Spybot and it has found the following Trojan registry changes / keys:

Win32.Agent.bgy
Win32.Bagle.E
Win32.Bagle.Hi

Am I safe to let Spybot fix these, even though Antivir says that there is no virus on my system?

Many thanks for reading

md usa spybot fan
2008-07-17, 18:33
mmmfreegoo:

In regard to:


… However, I have now run Spybot and it has found the following Trojan registry changes / keys:

Win32.Agent.bgy
Win32.Bagle.E
Win32.Bagle.Hi

Am I safe to let Spybot fix these, even though Antivir says that there is no virus on my system?

Which Avira product are you running?

Avira AntiVir Personal - FREE Antivirus
Avira AntiVir Premium
Avira Premium Security Suite

If you are running Avira AntiVir Personal (formerly called AntiVir PersonalEdition Classic) it does not include protection against spyware. Spybot is an anti-spyware product. Therefore Avira AntiVir Personal and Spybot would detect entirely different types of malware.

Concerning the actual detections you are getting:


… Spybot … found …:

Win32.Agent.bgy
Win32.Bagle.E
Win32.Bagle.Hi


Since you indicated that you recently encountered malware problems on your system and because I have not heard of any problems, such as false positives, related to Spyware detections for Win32.Agent.bgy, Win32.Bagle.E and Win32.Bagle.Hi, I assume that it would be ok to fix those detections (problems) as long as you are running the latest version of Spybot (Spybot - Search & Destroy 1.6.0.30 - from the display of Spybot » Help » About).

If you want further assistance, I'm sure that it would be helpful for anyone trying to assist you with those specific detections, if you posted the actual detections you are getting because each spyware product, such as Win32.Agent.bgy, Win32.Bagle.E and Win32.Bagle.Hi that you listed, can detect scores of different registry entries related to each of those malware products.

Please post a log of the actual detections you are getting. To do that, either:

1. Run another scan.
   When the scan completes, right click on the results list, select "Copy results to clipboard".
   Then paste those results (Ctrl+V) to a new post in this thread.

2. Post the Checks.yymmdd-hhmm.log from a previous scan that shows the detection in question.
   By default there are two Checks.yymmdd-hhmm.log files produced during a scan. The second Checks.yymmdd-hhmm.log has the details of what the scan found. A Fixes.yymmdd-hhmm.log file is produced if you fix or attempt to fix something.
   There are two methods to copy and post that information from previous scans:

   Method 1:
   Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Look for the Checks.yymmdd-hhmm.log file that contains the detections that you would like help with. Open it. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.

   Method 2:
   The Checks.yymmdd-hhmm.log and Fixes.yymmdd-hhmm.log files are stored in the following folders:

   Windows 95 or 98:
   C:\Windows\Application Data\Spybot - Search & Destroy\Logs
   Windows ME:
   C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
   Windows NT, 2000 or XP:
   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
   Windows Vista:
   C:\ProgramData\Spybot - Search & Destroy\Logs

   Using Windows Explorer, navigate to the correct Checks.yymmdd-hhmm.log. Double click on it and it should open with Notepad. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.

mmmfreegoo
2008-07-17, 18:43
hi md usa spybot fan,

I am using Avira AntiVir Personal - FREE Antivirus - sorry, should have mentioned this..

I am also using the latest version of Spybot (1.6.0.30)

Here is the Log File from the one and only scan that I have completed since re-installing Spybot:

Hint of the Day: Click the bar at the right of this to see more information! ()


Microsoft.Windows.ActiveDesktop: [SBI $377029D9] User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper

Microsoft.Windows.ActiveDesktop: [SBI $377029D9] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2502318740-2737363225-3369514088-1009\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper

Microsoft.Windows.ActiveDesktop: [SBI $377029D9] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Win32.Agent.bgy: [SBI $3FF5579E] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2502318740-2737363225-3369514088-1009\Software\FirstRRRun

Win32.Bagle.E: [SBI $FC4E0548] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2502318740-2737363225-3369514088-1009\Software\DateTime4

Win32.Bagle.hi: [SBI $CD1D5200] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2502318740-2737363225-3369514088-1009\Software\FirtR

Win32.Bagle.hi: [SBI $0F412E05] System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa

DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-07-17 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-07-15 Includes\Adware.sbi (*)
2008-07-15 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-07-07 Includes\DialerC.sbi (*)
2008-07-11 Includes\HeavyDuty.sbi (*)
2008-07-10 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-07-15 Includes\Keyloggers.sbi (*)
2008-07-15 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-07-16 Includes\Malware.sbi (*)
2008-07-16 Includes\MalwareC.sbi (*)
2008-07-15 Includes\PUPS.sbi (*)
2008-07-15 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-07-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-07-11 Includes\Spyware.sbi (*)
2008-07-15 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-07-15 Includes\Trojans.sbi (*)
2008-07-15 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Thanks for your time
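
Added example, not part of any post in this thread and not Spybot's own code: a small Python parser for the results layout pasted above, which groups the individual registry entries under each detection name and reports whether each sits in a per-user hive or a machine-wide key. The function names, the regular expression and the placeholder SID are assumptions made for this illustration.

```python
import re

# Constructed sample in the layout of the results posted above (the SID is a placeholder).
SAMPLE = r"""
Win32.Agent.bgy: [SBI $3FF5579E] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1-2-3-1009\Software\FirstRRRun

Win32.Bagle.hi: [SBI $CD1D5200] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1-2-3-1009\Software\FirtR

Win32.Bagle.hi: [SBI $0F412E05] System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa

DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
"""

# "Product: [SBI $id] Category (Kind, action)"; the [SBI ...] tag is absent on cookie entries.
HEADER = re.compile(r"^(?P<product>[^:]+): (?:\[SBI \$(?P<sbi>[0-9A-F]+)\] )?"
                    r"(?P<category>.+) \((?P<kind>[^,()]+), (?P<action>[^()]+)\)$")

def parse_checks_log(text):
    """Return one dict per detection; 'location' is the registry path on the next line."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        match = HEADER.match(line)
        if match:
            pending = dict(match.groupdict(), location=None)
            entries.append(pending)
        elif pending is not None and line.startswith("HKEY_"):
            pending["location"] = line
            pending = None  # one path per entry in this layout
    return entries

def scope(location):
    """Tell per-user hives from machine-wide keys, naming the control set if present."""
    if location is None:
        return "no registry path"
    hive, _, rest = location.partition("\\")
    if hive == "HKEY_USERS":
        return "user " + rest.split("\\", 1)[0]
    control_set = re.match(r"SYSTEM\\((?:Current)?ControlSet(?:\d{3})?)\\", rest)
    return "machine " + control_set.group(1) if control_set else "machine"

def by_product(entries):
    """Group (kind, scope, path) tuples under each detection name."""
    grouped = {}
    for entry in entries:
        item = (entry["kind"], scope(entry["location"]), entry["location"])
        grouped.setdefault(entry["product"], []).append(item)
    return grouped
```

Calling `by_product(parse_checks_log(SAMPLE))` lists two separate entries under Win32.Bagle.hi, one in a user hive and one service key under ControlSet003.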

spybotsandra
2008-07-18, 14:02
Hello,

I suggest fixing these:

Win32.Agent.bgy
Win32.Bagle.E
Win32.Bagle.hi
Win32.Bagle.hi

Best regards
Sandra
Team Spybot