Win32:BeagleCraw[Trj]

[vanderloo]

Can't seem to get rid of this buger. Have done 3 Avast virus scans, (Home edition 4. and it finds this trojan every time but can't delete it. I have most upgraded version of Avast. Hopefully someone can help me out. Runing Windows xp Pro. I get "Another program is trying to access e-mail addresses you have stored in Outlook. Do you wish to allow This?" Every time I try yo attach an Adobe .pdf to an outgoing email.
Thanks

[DavidR]

Why can't it delete it (errors, file in use, etc. why) ?

If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, 'Schedule boot-time scan...' Or see http://www.digitalred.com/avast-boot-time.php.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).
1. SUPERantispyware On-Demand only in free version.
2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

[Lisandro]

Beagle is a very dangerous virus against avast installations.
As soon as you can, follow the general cleaning procedure bellow and repair your avast installation through Control Panel.

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

Also, you can try full computer on-line scanning:
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)

[vanderloo]

I suspected that Avast can't delete, move to chest, or repair this file because it's embedded in my Outlook.pst file and perhaps Avast can't open a .pst?? It locates the four files, all in the same location, every time I do a scan and it says "error occurred during file deleting/move/repair. This operation is not supported for this type of archive."
I tried to find out how to open a .pst file so I could try to manually delete it, (is this a bad thing to do?), but I'm still waiting on information on how to open a .pst and edit.
Tech, your reply seems very intimidating to me. It looks like, correct me if I'm wrong, I would have to download 6 or 8 programs to complete this cumbersome task. In regards to line 2; I was searching earlier for how to turn archive scanning on but couldn't find anything. I'll try Drwebcureit and see where it gets me but, for the record Avast did detect it. It just can't touch it. Also, I've tried submitting a tech support ticket on this site from 2 machines and every time I click the link to generate a ticket I get a blank page.

[DavidR]

It can be a problem extracting an infected email from within a .pst file which could contain thousands of emails, so the last thing you want to do is corrupt the pst file with the potential for loss.

You will have to try and find the infected email in Outlook and delete it manually, there should hopefully be enough info in the detection info (see below) email subject, etc. to find it using the search function inside Outlook, it is also likely to have an attachment, so that may narrow it down. Once you find it and delete you should then empty the deleted items folder and compact your folders. Sorry if these terms are wrong I don't use outlook.

Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

[polonus]

Hi vanderloo,

Indeed there is no easy way out here, but let us see what we can do. First try this online here, the scan may take some time, but you can do that overnight. Scan your PC at: Windows Live Safety Center (http://safety.live.com/site/en-US/default.htm) Then you can do the scan with the latest version of DrWeb CureIt launched from an usb stick. Because this virus is very aggressive towards av-solutions like MacAfee and also against avast, you may be have to uninstall and re-install avast later. I hope my proposed attack of this nasty will be a solution for you. Do not panic and all will be all-right, and also from here in Holland: "Een heel gelukkig jaar 2009, en als het kan virus-vrij!",

polonus (malware fighter)

[vanderloo]

Thanks guys! Happy New Years to all.
The file is supposedly in my deleted items folder according to the log; C:Documents and Settings\All Users\Application Data\Microsoft\Outlook\outlook.pst\Personal Folders\Top of Personal Folders\Deleted Items\Unknown\08_price.zip\price\price.exe\[Embedded_l#0a26].
I emptied my deleted items folder and the problem persists. I will try windows live safety center. Having issues with the Dr Web CureIT download. It does an express scan in about 1 minute and says no viruses found 1490 files checked. Gives me no option to do a complete scan,(greyed out). Tried goiong to their site to download full version 30 day trail and it's all in Russian or whatever. Can't find anything. Polonus, say hello to all of my relatives over there.

[Lisandro]

You can also try on-line scanning that I've posted on reply #2.

[DavidR]

Running 'any' AV scanner against the .pst file is still prone to the same issues of .pst corruption, which is why I said you should try and find the file manually in your email folders. 

Try a search for the 08_price.zip attachment and see if you can find that.

Also did you empty the deleted items folder and compact the folders as suggested. Deletion of emails is really no different from deleting files, the actual file isn't deleted, just the reference to it in the file table. The same is true of the emails, it just removes the entry for it in the .pst but it still exists, when you compact the folders that is when stuff really gets removed.

[Lisandro]

Beagle is a very dangerous virus against avast installations.

Remember that...

[vanderloo]

Well, it's been a day of searching and cleaning and here's where I'm at; I upgraded ad-aware to 2008 and did a scan with that. Removed some bugs there. It did not detect the same trojan. I did a scan with windows live onecare and it found a mountain of junk. I deleted all of the corrupted files that Avast pointed to as the contaminated files and, after doing another Avast scan, everything was clean. But when I go to attach an Adobe pdf file to an email I still get a warning "another program is trying to access e-mail addresses you have stored in outlook. Do you wish to allow this?" When I do a search on this message, I'm finding out this is a message generated by a microsoft outlook security update. I'm anxious to hear some opinions. Is this something I should still be worried about? For the record, this email alert is the reason this whole search started.
Thanks everyone for your help.
Phil

[DavidR]

Sorry but AdAware really isn't in the top league of anti-spyware now, which is why I suggested the two applications in my first post.

[Lisandro]

"another program is trying to access e-mail addresses you have stored in outlook. Do you wish to allow this?"
Phil

Indeed strange... a full scanning with the programs David suggested won't be bad.
Ad-aware is not strong enough.