Avast WEBforum

Other => Viruses and worms => Topic started by: diana_loves on November 19, 2008, 05:14:52 AM

Title: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 19, 2008, 05:14:52 AM
Yesterday my Avast! Home Edition crashed and shut down after I tried running a setup file I downloaded. Windows Defender and Windows Firewall seemed to be inoperable, too.

When I tried launching the Avast console I kept getting a message saying that Avast was not a valid win32 application. Windows Defender also displayed "an initialization error message".

After doing some research, I found a virus removal tool called Elibagle that identified and removed 7 infections while running it in Safe Mode, although there were various files and folders it claimed not to have access to.

I ran Elibagle, Malwarebyte's Anti-Malware, Combofix, AVG virus removal, and Avast virus removal. Only the second one found some additional virus. I don't know if they were associated to the main infection. But it removed the viruses. However, Avast kept throwing the "not a valid win32 application" and Windows Defender kept throwing the "initialization error". Windows would tell me that it had blocked some applications, when I clicked on "Show blocked application" the Windows Defender error came up, and when I tried to "Run blocked application" it told me that "TOSCDSPD.exe from an unidentified publisher" was trying to gain access to my computer so I decided not to grant access.

I tried uninstalling my Home version and installing it again. It asked me if I wanted to run the boot scan that Avast always offers the first time after installation and although I said yes, the computer just restarted and got into windows without running the boot scan and kept failing to initiate Avast.

Finally after running all the previous programs over and over, I decided to uninstall Avast! Home and install the trial version of Avast! Pro. Once again it asked me if I wanted to run the boot scan. SUCCESS! Finally it ran the boot scan before loading Windows Vista.

Now I have this message displayed and I'm not sure what's the best option:

Report file: C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.text

Scan of all local drives

File C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe is infected by Win32:Beagle-AHE [trj]
Press  1  to  Delete
         2       Delete all
         3       Move
         4       Move all
         5       Move to Chest
         6       Move all to Chest
         7       Repair
         8       Repair all
         9       Ignore
         0       Ignore all
         Esc    Exit :


Since this is exactly the file that Windows seemed to be blocking I'm not sure what to do!!  I want to eliminate the problem as soon as possible but I'm afraid to be Deleting or Removing an important backup file or something.   Can anyone give me a hand?

Thanks!!!
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: FreewheelinFrank on November 19, 2008, 06:18:29 AM
Option 5 "Move to Chest"- this is the option to quarantine suspected malware.
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 19, 2008, 12:38:07 PM
Hey Frank!

Thanks for your reply...  what´s the difference between "Move to Chest" and Move all to Chest". The only thing I´m afraid of is moving that file to the chest and not being able to restablish my Windows Defender because it seems to be a related .exe, or actualy leaving the virus latent if I just move it instead of deleting it.

Can you throw some light on this?  Again!! Thanks a bunch!

Diana
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: Lisandro on November 19, 2008, 12:41:27 PM
Beagle is a dangerous malware to avast installations. Take care.

what´s the difference between "Move to Chest" and Move all to Chest".
Moving one file only or moving all detected file. I think it's not safe send all to Chest, specially if you move a necessary file to boot the computer, it will be unbootable :'(
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 19, 2008, 04:59:01 PM
Thanks Tech!

Does this mean that the "Repair" options are not a good idea?
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 19, 2008, 07:06:09 PM
The Repair option only works in certain circumstances, infection of a file by a 'true' virus and that infected file must be on that has been included in a VRDB generation. So that would linit greatly what could possibly be repaired and if that repair failed I don't believe you would get prompted for another action.

So the safest option is to move it to the chest, here you have other option that you can try later.
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 19, 2008, 07:14:01 PM
Thanks David!

The scan is now 95% of the way and it seems the Avast Pro Boot Scan has found some other infections, according to the log so far:

File C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe is infected by Win32:Beagle-AHE [trj]
File c:\Qoobox\Quarantine\C\Windows\System32\drivers\winfilse.exe.vir is infected by Win32:Beagle-AHE [trj]
File C:\Users\Fidelis\Desktop\vray\vray 1.5 rc5 max 2008\Crack\Keymaker.exe is infected by Win32:Crypt-CYC [trj]

So far I've moved all of them to the Chest since it seems to be the safest option and I imagine I will be able to access the Chest later to ask Avast to clean or delete the files if necessary, is that right?

If the boot scan is still running could I hook up my ipod to the USB port for it to be scanned too, or is it too late?

Thanks guys!!
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 19, 2008, 07:29:41 PM
The first detection TOSCDSPD.exe needs further investigation as it seems a legit file (the reason why sending to the chest is important), see below.

The second detection is an interesting one it looks like this quarantine folder isn't encrypted

The third detection looks good as using cracks is a high risk business not to mention any legal/moral issues, who can you complain to when using a crack that your system got infected ???

When done, and windows has booted, right click the avast 'a' icon, select avast! Antivirus Chest, the only part that interests you is the Infected Files section.

I don't even know if avast's boot-time scan would scan attached devices on a boot-time scan, some might net even be recognised before windows boots (depending on your BIOS settings).

####
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect.
Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\*
That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451 (http://forum.avast.com/index.php?topic=34950.msg293451#msg293451), how to report it to avast! and what to do to exclude them until the problem is corrected.

Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 19, 2008, 08:41:03 PM
You've been very helpful David!!

Point taken on the "cracks" comments!!  :-\ ... will do my best to resist the temptation in the future!

Anyhow, I have good news... after the Avast boot scan, the initial problem generated by the infection seems to have been corrected: the Avast console is now operating. I still haven't hooked up to the web on the infected laptop but that's the next thing I'll try so I can test how the Avast updates and web protection are holding up...

However, the Windows Defender problem persists. I get this message:
     
     Windows Defender
     Application failed to initialize:0x800106ba. A problem caused this program's services to stop.
     To start the services, restart your computer or search Help and Support for how to start a
     service manually.


After researching the problem in Microsoft's page, I found that the error can be corrected by uninstalling and reinstalling Windows Defender.

In the internet I found out that one of the infected files (TOSCDSPD.exe) is related to a Toshiba CD/DVD Drive Acoustic Silencer installed on various models of Toshiba Laptops such as mine. I checked the file were the Toshiba TOSCDSPD.exe should be for the Acoustic Silencer to work and it's not there. So I imagine that confirms that it is not a clone file but the actual file that has been infected. Interestingly, TOSCDSPD.exe was actually the "application" that tried to access my system when I attempted to click on "Run Blocked Application" when I got the notification from Windows that an app had been blocked. The other option in that popup was "View Blocked Applications" and when I clicked on that option I immediatly go the Windows Defender error quoted above.

At this point, I'm not sure if the apparent connection between this infected TOSCDSPD.exe and the error with Windows Defender is real.

Would you recommend going ahead with the uninstall/reinstall of Windows Defender? How would I go about "cleaning" the TOSCDSPD.exe file if it is indeed a component that has to be in the laptop for the Acoustic Silencer to work?

(Sorry for all the questions!!)

Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 19, 2008, 09:01:23 PM
I have never used windows defender never rated it that much but things like this are often corrected by an uninstall, boot, install.

The Beagle infections are pretty bad as part of their action it to try and disable your security software and that could well be what hit windows defender.

My comment about the detection on TOSCDSPD.exe you need to follow that up and confirm if the detection was good or otherwise. So read my instructions on how to do this under the ####

So you aren't cleaning but confirming if TOSCDSPD.exe is indeed infected or not once that is done then we can consider what action is neded.
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 20, 2008, 12:38:57 AM
Ok, David... I'll follow your instructions and send the file to VirusTotal.. just have a couple more doubts that you might be able to clarify for me.

I just uninstalled the Acoustic Silencer from my Toshiba (the application connected with the supposedly infected TOSCDSPD.exe file) after downloading a clean installer for the application from the Toshiba website.

My questions are, if I follow your instructions to send the report to VirusTotal, won't I run the risk of reactivating the beagle virus that supposedly infected the TOSCDSPD.exe file when I'm trying to export it to the c:\Suspect  folder?

If that is a real risk and if indeed I already found the installer to recover that application, could I just Delete the file from the Chest and be rid of it finally? Is that what happens when you Delete the files form the Avast Chest? Are they deleted totally without leaving any other trace in the recycle bin or any other place in the laptop?

Thanks again for all your help!
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 20, 2008, 01:29:32 AM
Exporting is just copying not running, the fact that it isn't in the original location also gives some limited protection (even if it were infected) because any run command would be referencing the original location.

So with the file in the suspect folder it would effectively be inert unless you actually execute/run the file, which you aren't going to do.

As I have said deletion is a last action and then only if confirmed as infected and that is what we are trying to do.
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 20, 2008, 02:55:55 AM
Me again.

I did as you suggested and uploaded the exported TOSCDSPD.exe file to VirusTotal.

I don't know how to interpret the results so I'm posting them here to see if you can tell me what's the next necessary step:

File TOSCDSPD.exe received on 11.20.2008 02:38:25 (CET)Antivirus Version Last Update Result

AhnLab-V3 2008.11.18.2 2008.11.19 Win-Trojan/Bagle.872456
AntiVir 7.9.0.34 2008.11.19 TR/Dldr.Bagle.agb
Authentium 5.1.0.4 2008.11.19 -
Avast 4.8.1281.0 2008.11.19 Win32:Beagle-AHE
AVG 8.0.0.199 2008.11.19 Win32/Themida
BitDefender 7.2 2008.11.20 -
CAT-QuickHeal 10.00 2008.11.19 TrojanDownloader.Bagle.agb
ClamAV 0.94.1 2008.11.20 -
DrWeb 4.44.0.09170 2008.11.19 Trojan.Packed.650
eSafe 7.0.17.0 2008.11.19 Win32.Bagle.agb
eTrust-Vet 31.6.6217 2008.11.19 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.20 -
F-Secure 8.0.14332.0 2008.11.20 Trojan-Downloader.Win32.Bagle.agb
Fortinet 3.117.0.0 2008.11.20 W32/Bagle.AGB!tr.dldr
GData 19 2008.11.20 Win32:Beagle-AHE 
Ikarus T3.1.1.45.0 2008.11.20 Trojan-Downloader.Win32.Bagle
K7AntiVirus 7.10.528 2008.11.19 -
Kaspersky 7.0.0.125 2008.11.20 Trojan-Downloader.Win32.Bagle.agb
McAfee 5439 2008.11.19 Generic Downloader.x
Microsoft 1.4104 2008.11.20 TrojanDownloader:Win32/Bagle.WB
NOD32 3626 2008.11.19 Win32/Bagle.QH
Norman 5.80.02 2008.11.19 W32/Mitglied.BEI
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.20 Malicious Software
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.20 Trojan.Dldr.Bagle.agb
Sophos 4.35.0 2008.11.20 Mal/Bagle-B
Sunbelt 3.1.1801.2 2008.11.14 Trojan-Downloader.Win32.Agent.V (vf)
Symantec 10 2008.11.20 -
TheHacker 6.3.1.1.159 2008.11.19 W32/Behav-Heuristic-064
TrendMicro 8.700.0.1004 2008.11.19 -
VBA32 3.12.8.9 2008.11.19 Trojan-Downloader.Win32.Bagle.agb
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.19 -
 
Additional information
File size: 872456 bytes
MD5...: 1fb8c915bad498904ea46e1bec9fc0c0
SHA1..: 529e1e968db9a6b82a0f9d48277a0a7379e39f85
SHA256: a21f6074c28fc03afd9af429f06d9616931f7d3870c249f48e66ce98489e46be
SHA512: 626a8daa5d6cd2653601bbf6172b574881e3c22ea023473f3b59458d67fce31b<BR>dfde7ff8959d78f04b6fcebbffb575eba478170dd492c4b64c7eee36d5ab62f0
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x488014<BR>timedatestamp.....: 0x4912b351 (Thu Nov 06 09:05:21 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>0x1000 0x7f000 0x3a000 7.98 042f03724e2a90c658f9c412cd6fa2ac<BR>.rsrc 0x80000 0x6a08 0x3000 5.90 df1e50853b5cb1b9edc4fc61a936228c<BR>.idata 0x87000 0x1000 0x1000 0.24 1774b4558eb29db1bb488bcb9523da64<BR>Themida 0x88000 0x156000 0x96000 7.88 db89fa947c97866ccb1ce2a4d8c94bc5<BR><BR>( 2 imports ) <BR>&gt; KERNEL32.dll: CreateFileA, ExitProcess<BR>&gt; COMCTL32.dll: InitCommonControls<BR><BR>( 0 exports ) <BR>
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=99AE801B0813BC94508F0D6755CD55007A046904
packers (F-Prot): Themida  


Does this mean it was or wasn't a false positive? Should I report it to  http://forum.avast.com/index.php?topic=34950.msg293451#msg293451. If it is a false positive can I safely reinstall the Acoustic Silencer that I downloaded from Toshiba which surely contains another file named TOSCDSPD.exe? Won't this cause Avast to report it as a virus or malicious software?..... Does the fact that Avast is running normally again mean that I'm free of this obnoxious beagle pest?  ......asks the newbie yet again!!   ::)
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 20, 2008, 03:16:23 AM
Fortunately I know how to interpret that particular set of results, it is a good detection it isn't a false positive, you should delete the copy in the suspect folder.

Now you re-downloaded the Acoustic Silencer installation file and avast should have scanned that file when you downloaded it (if not or you aren't sure find where you saved it to and right click on the file, select Scan selected area for viruses) that should find if anything is infected on it. If no detection you should be OK to reinstall just watch for any avast alert, but that may not be the case.

There is no need to report it as it isn't a false positive.
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 20, 2008, 04:01:08 AM
Sounds good!

I guess this would probably mean that the beagle infection has been erradicated, yes?

And now for the final question that just poped into my mind....

As soon as the initial problem started I backed up the most important files I had on my ipod. Is there a way I can scan my ipod (maybe with Avast!Pro) while making sure that nothing in the ipod will be able to reinfect my laptop? Maybe I need to run on Safe Mode and only then connect my ipod to run an avast scan?

Thanks again for all your help in this matter!!  :)
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 20, 2008, 03:45:13 PM
It means that the infected file has been dealt with, how it came to be infected is the 64,000 dollar question. So it may be worth running some other tools to see if there is any undetected or hidden elements of this infection on your system, see below.

I take it you scanned the Acoustic Silencer installation file, found it to be clean and installed it without any avast alerts ?

You can plug in and scan your ipod's storage using the Simple User Interface regular on-demand scan. Or having plugged it in, using windows explorer, right click on the ipod drive and select, Scan selected areas for viruses, etc.

####
If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).
1. SUPERantispyware (http://www.superantispyware.com) On-Demand only in free version.
2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe), right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 20, 2008, 04:23:35 PM
Yeap!!  I scanned the file I downloaded from the Toshiba site. Bug free according to Avast. Installed it. Acoustic Silencer is now working smoothly. Needless to say, I owe you big time! The guys at Symantec support tried for about 40 minutes to convince me to invest in a $150/30-day long solution saying that every minute wasted trying to get information in public forums could potentially mean the total loss of my data as well as my laptop....  I'm now seeping a glass of wine in your honor, so Cheers!!

As for the origin of the infection, the rar file I thought I was downloading was a trial version of Muvee (a video editor). And as soon as I ran the setup file in the rar (which, of course, I forgot to scan first *Insert much deserved face-slapping here, please*) I got the mysterious "Blackbox Decoder Install Console" screen which upon closing triggered the whole crash of my antivirus. My initial panicked reaction was backing up all the important info and deleting both the rar and the extracted file folder. I don't know if that was such a good idea as it probably would've been helpful to scan those files too to answer the 64,000 dollar question.

I'm now only left with the pain-in-the-butt Windows Defender issue, which mainly is not generating any trouble except for the nagging feeling of knowing that it is there, not doing a damn thing for my system and can't even find a way to unistall it to see if it can be "reinstalled" successfully (it doesn't appear in the list of programs for uninstall in the control panel). Any ideas on this one?

Regarding the other suggestions, I have ran MalwareBytes Anti-Malware several times both in Safe Mode and Normal Mode and I hasn't located any other infections. I guess that's good? I'm now downloading SUPERantispyware now to see what it finds.

I'll keep you posted!
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 20, 2008, 04:59:00 PM
You're welcome, I guess they don't know much about the avast forums ;D

MBAM is a good application doesn't take up much resources unless you run its on-demand scan and worth keeping as part of a multi-application approach to your security as is SAS. Multi-application approach is great with the right applications, ones that compliment (not clash) each other and these work fine with avast.

I generally pause the Standard Shield whilst running scans with these scanners, if running in normal mode (not required in safe mode as avast isn't running), overall this speeds up the scan duration.
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 21, 2008, 06:56:19 PM
Haha! My guess is they don't know much about forums at all

Ok. Done. Finally got to run SUPERAntiSpyware and it found nothing on the laptop. The ipod seems to be clean according to Malwarebytes's and AvastPro so I guess I'm in the clear?

Now I'm just wondering how to get rid of the Windows Defender useless component which is just... there. Like having a corpse on my Control Panel. Any ideas on how to get it off if it doesn't appear on the Uninstall list?


Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 21, 2008, 07:24:51 PM
Well useless is perhaps a little strong, even though I don't rate it very much, it doesn't seem to catch anything (from comments in these forums) but I believe it is meant to have resident protection (though it doesn't seem to have done much for you in this case).

I have never used it so I have never tried to remove windows defender, but my friend google probably does ;D
http://www.google.co.uk/search?q=remove+windows+defender (http://www.google.co.uk/search?q=remove+windows+defender)
This is just one of the hits, http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=479680&SiteID=17 (http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=479680&SiteID=17) another http://wiki.answers.com/Q/How_to_remove_windows_defender_from_vista (http://wiki.answers.com/Q/How_to_remove_windows_defender_from_vista).

Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: diana_loves on November 21, 2008, 09:06:55 PM
You're right... it might not be useless, if I could actually get it to work again!   :P 

The problem is that since the crash of Avast (which has now been corrected) Windows Defender keeps throwing that error message that I mentioned in a previous post of the application not initializing. That's what I meant with the "corpse" reference...

So that's why I want to try uninstalling it to see if it can be repaired to actually perform... whatever function it was performing (or not!?) before the crash... but for some reason I can't find it listed in the programs list. You don't think this could be another bug trying to make my day, do you?

Thanks for your patience with the endless questioning!!
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 21, 2008, 10:08:22 PM
Well first I believe you would have to uninstall/remove (check out the links I gave) and reinstall it if there is a way to do that in Vista as I don't know if it is an integral part of it,
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: Sepehr on November 25, 2008, 05:33:10 PM
I REALLY NEED HELP!!!

Hi all!

I have been experiencing quite a similar problem for the last 2 days. I downloaded a cracked instalation of a Pocket PC software (I know I did a wrong thing by looking for a cracked software!), and then continued for installation. As what happened to diana_loves, a box appeared about Black Box Communication and finished its instalation before I could do anything. Then after a short while, a blue screen appeared. So, I restarted my laptop (Dell Inspiron 630m) and realized that the usb connection between my Pocket PC and the computer for synchronization is lost. Besides, my wireless internet connection was disconnected as well and I couldn't connect it. When I tried to search for available networks to rebuild the connection, it showed me the message that you should use another application if you have defiend another program for this purpose. Besides, Intel Proset Wireless starts to poping up notofications about available networks which I hadn't experienced before. I have never used this software. One more thing was about the low performance of my CPU as my Yahoo Widget was showing it 100% busy.

So, I went for system scan using my anti viruses, and realized that both NOD32 and Adaware 2008 I had were not accessible and recieved a message that they are not a system32 applications. Also, the McAfee firewall I had was disappeared from the both icon tray and my program files!!!

Therefore, as the Virus got the control of my system, I chose to remove the hardware from the laptop and use a HD Enclosure to connect it to another system for system scan. I did this and used NOD32 and Adaware 2008 on another laptop to scan my HD. They both found a win32\bagle.qh worm on Srosa.sys file in system32\drivers. Adaware also find another malware in my system volume information with a risk of 10 out of 10. So, after I first used NOD32 and delted the worm, I put the HD back and run the computer. But still I had the same problems with no change. So, I did the scanning process one more time using Adaware 2008, and after deleting all the worms and malwares run the computer again and still I had the problems. Eventually, I did what diana_loves did as using avast pro and was hoping for scan boot. But it didnät happen after restarting the computer and when I tried to do it manually, the same message as for other anti viruses appeared.

By the way, I can not get into safe mode because of facing a blue screen and my OS is XP SP3.

So, I don't know what to do now. Please let me know if you have any idea or have experienced similar thing before. I am starting to freak out.

PLEASE HELP.

Best Regards,
Sepehr
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: DavidR on November 25, 2008, 06:27:22 PM
I would say if you haven't read all of this topic and used all the tools suggested.

Then I would say it would probably be better to create your own new topic, so if there are any minor differences (as in your similar experiences comment) so it doesn't confuse this topic.

- Go to this link, http://forum.avast.com/index.php (http://forum.avast.com/index.php), scroll down to the Viruses and Worms forum and click it, click the New Topic button at the top of the list and post there.

In that new topic you can report the findings of the various tools suggested in this one and we can try to rectify the no safe mode issue (a common malware tactic).
Title: Re: HELP!!! What do I do? TOSCDSPD.exe is infected by Win32:Beagle-AHE [Trj]
Post by: Sepehr on November 25, 2008, 06:37:14 PM
Hi,

Good point. Actually I realized this and so I created a new topic. But I just forgot to clean this reply.

Please reply to my topic as I really can use your help.