W32/Bagle.D@mm
Threat risk: low
Detection files published: 28 Feb. 2004
Description created: 2004-02-28
Description updated: 2004-02-28
Alias:
Spreading mechanism:
Payload: Backdoor, terminates AV processes.
Summary
This is an email worm. It is very similar to W32/Bagle.C@mm.
The main differences are that the registry entry where it stores its own data is called HKCU\SOFTWARE\DateTime3 (the C variant used DateTime2), and the mutex it creates to prevent multiple copies of itself from running is called imain_m2 instead of imain_mutex.
Spreading description
Email characteristics:
Subject: (variable)
Body: (none)
Attachment: [random letters].zip
Same as W32/Bagle.C@mm.
Threat description
Same as W32/Bagle.C@mm.
Removal
General information about removal of malicious software
Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiently. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below if your Norman antivirus is unable to clean up the infection.
| Usage | Title | Comment |
|---|---|---|
| Prevent infection through file sharing on networks | | |
| Cleaning backup folders in Windows Me and XP | | |
