Removing Win32/Bagle.HE worm

Here is another virus that seems to be spreading lately. From the looks of it, it seems to be another email worm. Here is what ESET says:

Aliases

Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B.

When executed the worm copies itself in the following locations:

  • Documents and Settings\All Users\Application Data\hidn\hldrrr.exe
  • Documents and Settings\All Users\Application Data\hidn\hidn2.exe

In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key
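
The file locations and Run value listed above can be checked offline against data collected from a host. This is an added example, not part of the original post or ESET's description: it parses saved `reg query` output plus a file listing. The function names, the `run-data` heuristic and the sample input are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators from the ESET description quoted above.
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "drv_st_key"
DROP_DIR = r"\Documents and Settings\All Users\Application Data\hidn"
DROP_NAMES = {"hldrrr.exe", "hidn2.exe"}
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}REG_[A-Z_]+ {4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from saved `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["data"]

def is_dropped_copy(path):
    """True when path is hldrrr.exe or hidn2.exe inside the hidn folder, on any drive."""
    p = PureWindowsPath(path.strip().strip('"'))
    return (p.name.lower() in DROP_NAMES
            and str(p.parent).lower().endswith(DROP_DIR.lower()))

def triage(reg_text, file_paths):
    """Return a list of (kind, detail) findings for one host's collected data."""
    found = []
    for key, name, data in parse_reg_query(reg_text):
        if key.lower() == RUN_KEY.lower() and name.lower() == RUN_VALUE:
            found.append(("run-value", f"{key}\\{name} -> {data}"))
        elif DROP_DIR.lower() + "\\" in data.lower():
            # Added heuristic (assumption): another autostart pointing into the drop folder.
            found.append(("run-data", f"{key}\\{name} -> {data}"))
    return found + [("file", p) for p in file_paths if is_dropped_copy(p)]

# Constructed sample input, not taken from a real host.
SAMPLE_REG = "\n".join([
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe",
    r"    drv_st_key    REG_SZ    C:\Documents and Settings\All Users\Application Data\hidn\hldrrr.exe",
])
SAMPLE_FILES = [r"C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\HIDN\HIDN2.EXE",
                r"C:\Temp\hldrrr.exe"]  # second entry: same name, other folder

if __name__ == "__main__":
    print(*triage(SAMPLE_REG, SAMPLE_FILES), sep="\n")
```

Registry names and Windows paths are compared case-insensitively, and a file that only shares a name with one of the copies but sits in a different folder is not reported.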

It seems to have a manual removal process, unless you pay for the other software, but according to the 411 on PC Security:

Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.

[via 411 on PC Security]

According to this site, you can remove it by following some steps. I think Kaspersky has an easier way to remove it, and it looks like most anti-virus software will remove this. You need to remember that only you can prevent this in the future. You should also run Windows Update and make sure your system is up to date.

Figuring out the Email-Worm Win32.Zafi.b

This is another one I just saw on the web, and I wanted to talk about what this little worm does and what its known aliases are:

Email-Worm.Win32.Zafi.b (Kaspersky Lab) is also known as: I-Worm.Zafi.b (Kaspersky Lab), W32/Zafi.b@MM (McAfee), W32.Erkez.B@mm (Symantec), Win32.Hazafi.30720 (Doctor Web), W32/Zafi-B (Sophos), Win32/Zafi.B@mm (RAV), PE_ZAFI.B (Trend Micro), Worm/Zafi.B (H+BEDV), W32/Zafi.B@mm (FRISK), Win32:Zafi-B (ALWIL), I-Worm/Zafi.B (Grisoft), Win32.Zafi.B@mm (SOFTWIN), Worm.Zafi.B (ClamAV), W32/Zafi.B.worm (Panda), Win32/Zafi.B (Eset)

This worm spreads via the Internet as an attachment to infected messages, and also via local and file-sharing networks.
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.

This worm seems to be spreading through email and file-sharing sites. One thing it tries to do is stop the following processes and delete them:
fvprotect.exe
winlogon.exe
jammer2nd.exe
services.exe

It attempts to detect antivirus program files on the computer and overwrite them with a copy of itself.

It also attempts to conduct DoS attacks on the following sites:

www.2f.hu
www.parlament.hu
www.virusbuster.hu
www.virushirado.hu

This seems to be a very big virus, and it can be removed for free with the Kaspersky Virus Removal Tool. To prevent this virus in the future, the user has to remember not to open unknown documents or emails and not to run any unknown program from an unknown file-sharing source. Also remember that you need an anti-virus and a firewall to protect yourself in the future.

CBS Confirms the Axe of Layoffs for CNET

CBS throws down the gauntlet and says in a statement:

“CBS Interactive continues its integration process, which now calls for the further combination of several portions of the division into unified groups oriented around similar content. This important move allows us to better align our premium content for our audiences and our advertisers, and also results in reduction in certain areas that are now duplicated in the new organization structure. We believe these moves are necessary to continue building CBS Interactive into the most creative, most efficient, most profitable and fastest growing Internet company in the media business.”

Now I can only guess as to what they will reorganize, but if it is anything like Jeff Gerstmann and how we heard people might resign over that little fiasco, I’d give the likelihood of several people from GameSpot and probably even more people from CNET. I don’t know who they will lay off, but I do know they are going to reorganize. You will probably have to pay for content from them in one way or the other. This is somewhat not unexpected due to the economic stress we are currently in and probably will be for some time.

If I hear what happens, I’ll update my post. If you want to check out the other layoffs in the technology industry, please feel free to click here. I am sure to have more in the coming months. Time is the only constant and will always be moving forward.

Is this Hardcore PC Falcon Northwest Mach V Extreme or not?

Just saw this on PCWorld Reviews and thought I’d talk about the specs. I would love to get one of these for myself. It comes with:

All these links are for those who would like to build this computer themselves. The links are where you could go to buy the parts. The price after you buy the parts is estimated at $7395, and I think you could get that down to $5000 if you look for rebates and other incentives. I wouldn’t mind having this computer for gaming myself. It sure would be nice to give to someone for the holidays. This would be good for people who are looking to be computer game developers or people who are into 3D rendering. Just thought I’d share this little review with you. They really did a fantastic review of this product on their site.