Bagle.af/ag/ai removal file

I’m back to my old tricks again. I modified my old Bagle removal scripts to handle the new ones (.af, .ag, and .ai).

http://files.invisibill.net/unbagle.af.ag.ai.inf will remove the registry entries that run the program on startup and the file called by that registry entry. The descriptions I’ve read say that they create other files which contain some of the code. This script will not remove those files, or any of the copies spread via network shares. However, it will delete the startup calls, and the direct targets of those calls (if not in use). After running this script, immediately rebooting should give you a system without Bagle running. You will still need to clean the other files with a virus scanner, but this script should at least keep the viruses from running constantly, which is helpful because they try to shut down firewall and AV programs that are running.

Just save the file somewhere convenient, then right-click and choose Install. If you don’t trust me for whatever reason, you can open the script with any text editor and see that it just tries to delete three registry entries and three files. Once you’ve “installed” it, reboot. Your machine will still have virus-related files on it, but they shouldn’t autorun after you reboot, allowing you to more easily clean your system.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: This post is over 5 years old. You may want to check later in this blog to see if there is new information relevant to your comment.