Win32.Bagle.SWQ

[mclot]

 

Our Avast 4.8 Professional hasn't found the Win32.Bagle.SWQ virus !!!
AVAST has been disabled (!!!) and other exe are no more recognized.
This virus uses the srosa2.sys file.

Regards.
Massimo

[.: L' arc :.]

Are you able to remove it? If not, please consider using the following:

(1) Malwarebytes Antimalware. Don't forget to update it before running a scan.

(2) Hijack This, how to use:

1. Please download HJTsetup.exe
2. Save HJTsetup.exe [preferably, in your desktop.]
3. Install Hijack This to C:\Program Files\Hijack This.
3. Continue to click Next in the setup until you get to see Select Addition Tasks.
4. Put a check on Create a desktop icon then click Next. Continue following the next prompts until you reach the last part.
6. On the last part, click Finish. Hijack This Main Menu will appear.
7. Click on the Do a system scan and save a logfile button. A scan will be processed and when its done, notepad will appear.
8. On notepad, copy the entire log through clicking on Edit > Select All then click on Edit > Copy.
9. Head back here in the forums and paste the copied files onto your next reply.

NOTE: DO NOT let Hijack This fix anything yet.

[mclot]

Yes, we've been able to remove it using BitDefender online version.
Many other antivirus software can detect it.
I really hope that Avast add support for this very dangerous worm asas.
It isn't nice that a virus can disable Avast !!!

[Sirmer]

Hello,
viruses are able to disable more antiviruses then just avast.
Can u post this file here pls? zip it with some password like virus and write this password to your post.
Thanks.

[DavidR]

Send the sample to virus@avast.com zipped and password protected with the password in email body and undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

[Tech]

Sirmer, welcome to avast team!

[mclot]

No doubt about the fact other antiviruses can be disabled by certain viruses    
More, obviously other more celebrated antiviruses will not find this and other viruses too.
But I'm using Avast ... and Avast didn't find this one.
And this the only fact that matters to me as I'm wasting time trying to recover my pc.
That's why I have pointed out the problem, in the hope you'll add something in Avast to avoid this in the future.

I sent to virus@avast.com the zip file "Win32_Bagle.zip", password protected.

Thanks a lot.
Massimo

[DavidR]

Thanks for trying to help improve detections.

[CharleyO]

***

Welcome to the forums, mclot, and thanks for helping with detections.   

Welcome to the avast team, Sirmer.  


***

[M_Arkus]

Is really a shame that one month after, avast not detect the Win32.Bagle.SWQ. My computer was infected yesterday and the BitDefender Rescue disk cant solve the problem (sorry for my bad English).