I was cleaning a computer that was detected as infected with w32.Bagle.E variant. I was curious to see when the computer got infected, so I ran a directory list for the file. That didn't help because it seems it refreshes the date at each startup. Looking back, I think it got through our AV scanning 2 weekends ago shortly after it went wild.
Anyway I saw there existed the .exe file and another (an encrypted ZIP copy) with the extension .exeopen. I used f-bagle.exe tool (updated thru Bagle.I) to remove the infection but (1) it did not remove the .exeopen copy and (2) on next scanning F-Pro detected and removed GODO.EXE.
Should I use another removal tool or what?
Now I'm wondering whether I ought to go check other previously infected computers for that *.exeopen file.
Anyway I saw there existed the .exe file and another (an encrypted ZIP copy) with the extension .exeopen. I used f-bagle.exe tool (updated thru Bagle.I) to remove the infection but (1) it did not remove the .exeopen copy and (2) on next scanning F-Pro detected and removed GODO.EXE.
Should I use another removal tool or what?
Now I'm wondering whether I ought to go check other previously infected computers for that *.exeopen file.