locked
Win32/BugBear.B.Dam RRS feed

  • Question

  •  

    Hello

     

    I seems that OneCare reports that I have Win32/BGugBear.B.Dam on my system and One Care reports that quarantine efforts have failed.

     

    Help

     

    (I am running Vista Ultimate)

     

     

    Friday, September 21, 2007 5:26 AM

Answers

  • this kind of infection are found in the following location:

     

    c:\WINDOWS\TEMP\

    C:\WINDOWS\Profiles\"your profile" \Local Settings\Application Data\Microsoft\Outlook\outlook.pst-

     

    >Attachment.42: "name of the document may vary from what you have"

     

    they may look like this

     

    me.doc.scr

    or

    me.doc

     

    They are located in this file

    ( thats why it cant be addressed by onecare since its within or a part of your e-mail - they are attachments and this files are locked down by outlook express )

     

    For on hand support from WLOC about this issue please proceed with the link below

     

    http://help.live.com/help.aspx?project=onecarev2

    use the "Get More Help" link in the lower right of the page to contact support via email.

     

    Friday, September 21, 2007 12:29 PM

All replies

  • this kind of infection are found in the following location:

     

    c:\WINDOWS\TEMP\

    C:\WINDOWS\Profiles\"your profile" \Local Settings\Application Data\Microsoft\Outlook\outlook.pst-

     

    >Attachment.42: "name of the document may vary from what you have"

     

    they may look like this

     

    me.doc.scr

    or

    me.doc

     

    They are located in this file

    ( thats why it cant be addressed by onecare since its within or a part of your e-mail - they are attachments and this files are locked down by outlook express )

     

    For on hand support from WLOC about this issue please proceed with the link below

     

    http://help.live.com/help.aspx?project=onecarev2

    use the "Get More Help" link in the lower right of the page to contact support via email.

     

    Friday, September 21, 2007 12:29 PM
  • Thanks for the info

     

    I will give it a try this evening.

     

    One more thing, when OneCare identified the virus, the "Win32/BugBear.B.Dam" was a link that took me to the OneCare site (home page) but did not provide any information specific to the Virus.

     

    I was expecting the link to provide me with the info you sent

     

    I will try removing the virus and post the results.

     

     

    Friday, September 21, 2007 12:51 PM
  • Thank you for pointing such out, maybe the WLOC team can add such instances for this resources to be available, in any please proceed with the link I indicated for assistance from Onecare Support for reasons that what I have posted is the said infection on XP base machine, since you are using Vista ( the location might varry if you are using the Windows Mail or so you upgraded an XP to Vista along with the old outlook folders )

     

    They have a mechanism in WLOC 2.0 to create a support log and such will pin point the exact location of those file.

    http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1548384&SiteID=2 

     

    But in all instances they would be in your e-mail as one of your attachments and more than likely it is among the junk mail you filtered or so part of your regular mail.

     

     

    Friday, September 21, 2007 1:07 PM
  • I think that Milo's information should help you with the problem, but see this post regarding the ever so helpful (that was sarcasm) "Quarantine Failed" message - 

    http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1548384&SiteID=2

     

    As for the link sending you to the OneCare home page, that sure doesn't seem too helpful either. If you could, 

    Please file a bug on Connect:  https://connect.microsoft.com/site/sitehome.aspx?SiteID=168

    See the Bug Submission Guide - http://connect.microsoft.com/content/content.aspx?ContentID=3480&SiteID=168 - for details on how to create and submit the Support Log zip file with your bug.

    -steve
    Friday, September 21, 2007 4:18 PM
    Moderator
  • I the world of everchanging signatures and heuristical

    protection, a blank page isn't that uncommon.  You can

    take credit for being one of the first to find a new variant!  Smile

     

    Seriously though, I have the exact same problem with OneCare. 

     

    It found bugbear dot B at mm

    and Bagle.H at mm

     

    but failed to quarantine either one.  All removal tools have failed

    to remove this even the manual ones.  So tow questions:

     

    Is this just found in some file and not really infected on my machine?

     

    Why doesn't OneCare tell you WHERE it found the file?

     

    Thanks in advance

     

    Cliff

     

     

    Friday, November 9, 2007 5:21 PM
  • Hi, Cliff. 

    See this post for information about Quarantine Failed - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1548384&SiteID=2

    -steve
    Friday, November 9, 2007 6:00 PM
    Moderator
  •  

    i have the same issue as MILO with Bugbear.B@mm and Netsky.co@mm both quarantine's are failed and cannot find the solution. anyone have better luck?
    Wednesday, January 2, 2008 3:00 AM
  • See this post for information about Quarantine Failed - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1548384&SiteID=2

     

    (Same answer as the post above yours, Andrew.)

    -steve

    Wednesday, January 2, 2008 6:25 PM
    Moderator
  •  

    OK .... I HAVE THE ANSWER !!!!

     

    Most of the times, it is in an attachment in Outlook's .PST file.  After talking

    to Microsoft for DAYS and WEEKS, they finally admitted on the One Care team

    that "We don't know how to read that type of file!"  Doh ....

     

    So as a result, HP sent me a totally new computer since they couldn't clean the

    files even with MS help.

     

    I suggest that y'all learn to read, extract and Quarantined you own damn files. I spent

    a few weeks of my life fightning this thing.

     

    /message ends

     

    Wednesday, January 2, 2008 9:41 PM
  • In the post I linked to in my previous reply it explains how to determine, by looking at the support log from the logging tab in OneCare/Change Settings, where the infection was found. The message Quarantine Failed typically indicates that the infection is inside another file, in this case the .pst file, and OneCare cannot remove it without risking corruption to your mail store. It can also be that the infection is within a restore point, and this also cannot be removed. In both cases, you can manually delete either the message(s) with the infected attachment from within your .pst file or delete the restore points.

    I don't know why, if the infection was within your .pst file, support could not determine this and help you remove the infection. I also don't know why HP would swap your PC for this reason as it was simply an infection within a file and could be removed manually. The OneCare message "quarantine failed" is disconcerting, but it does not mean that you have an active infection on the PC.

    -steve

     

    Thursday, January 3, 2008 2:12 AM
    Moderator
  • Thanks, but the log truncated the file name path.

     

    The reason they replaced it was Windows Vista kept Blue Screen of Death.  They

    thought it was the viri thaqt One Care reported.  When I told them what you guys said,

    they just shipped out a new machine.

     

    Cliff

     

    PS... I don't think One Care is ready for Primetime yet,  The messages are not clear and easily understood by non-computer people.

     

     

    Thursday, January 3, 2008 1:15 PM
  • Thanks for the additional information, Cliff. I'm also pleased to read about the response by HP support to your issue, having just bought an HP laptop last month and looking at one of their Quad Core's for a desktop/media PC in the near future.

    And, sorry to read that the logs were less than helpful in identifying the location of the infection. :-(

    -steve

     

    Thursday, January 3, 2008 6:26 PM
    Moderator