SYSTEM RESTORE BAGLE WORM

[simon]

Some advice please. I have just run a scan on my computer using AVG free
edition. 33 files were found to be infected with BAGLE.IF and BAGLE.10.These
were automatically removed to the VIRUS VAULT. So fas so good, but then I
looked for more information on AVG and found the words "File had been
imported from the AVG Virus Vault 6.00". Does this mean they had been found
and placed into the VIRUS VAULT in the past and had somehow been restored?
I had recently carried out a system restore to an earlier date.
I did also find this: "file path: system volume
information/restore.........."

The only difference I can see on my computer after removing the worm is that
the little light bulb at the bottom of my screen which shows the state of
battery charge, has vanished. Surely a coincidence?

 

[Max Wachtel]

simon (e-mail address removed) on 11/12/2005 in

Some advice please. I have just run a scan on my computer using AVG
free edition. 33 files were found to be infected with BAGLE.IF and
BAGLE.10.These were automatically removed to the VIRUS VAULT. So fas
so good, but then I looked for more information on AVG and found the
words "File had been imported from the AVG Virus Vault 6.00". Does
this mean they had been found and placed into the VIRUS VAULT in the
past and had somehow been restored? I had recently carried out a
system restore to an earlier date. I did also find this: "file path:
system volume information/restore.........."

The only difference I can see on my computer after removing the worm
is that the little light bulb at the bottom of my screen which shows
the state of battery charge, has vanished. Surely a coincidence?

It is a good idea to remove restore points when cleaning.Sometimes the
nasties are hiding in there! Better to use backup tools then to rely on
system restore. It might be a good idea to use David's tool to scan
your system.I have a link to it on my site: see Virus Removal
Instructions below-
max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Playing Nice on Usenet: http://oakroadsystems.com/genl/unice.htm#xpost
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236

 

[Befunge Sudoku]

It is a good idea to remove restore points when cleaning.

Depends. Sometimes doing a system restore to a date before the
infection is the quickest way to get the machine going again.
And then you scan it completely anyway, of course.

While I do often disable System Restore, I prefer not to if I
don't need to, in case I want to use one of the restore points.