Full
Name: |
W32.Bagle |
| Type: |
Worm |
| Also Known As: |
W32/Bagle-H@mm
I-Worm.Bagle.h
Win32/Bagle.H
W32.Beagle.H@mm
WORM_BAGLE.H
W32/Bagle.du@MM |
| Danger Level: |
7 |
| Category Description: |
Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.
Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files. |
| Comment: |
This email worm will copy itself to a shared folder on your hard drive. For instance this was found in this directory.C:\Program Files\funwebproducts\Shared. Funwebproducts and this worm are UNRELATED. This was just an example as to where we found this.
It will use the following filenames:
windown longhorn beta leak.exe
xxx hardcore images.exe
adobe photoshop 9 fu??.exe
winamp 5 pro keygen crack update.exe
porno screensaver.scr
ahead nero 7.exe
windows sourcecode update.doc.exe
acdsee 9.exe
winamp 6 new!.exe
matrix 3 revolution english subtitles.exe
opera 8 new!.exe
serials.txt.exe
CAUTION: DO NOT delete the file names listed above even if you find them on your computer. Use a cleaning application to identify infection and remove it. You can find a freeware cleaner that picks up this infection at http://www.xblock.com/installer.shtml. |
| |
|
| Properties: |
|
| Manual Removal: |
Delete the exception made by the Worm.
1.Click on "Start" and then Click on "Run".
2.Type in "regedit" then click ok.
3.On the left pane scroll down to
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List".
4.On the Right pane right click on "C:\WINDOWS\vcualts32.exe" and click delete.
5.Close the registry editor.
6.Scan using XCleaner. |
