Aliases: I-Worm.Bagle.f

Type: Win32 worm

Description

W32/Bagle-F is an email worm which sends itself via its own SMTP engine to addresses harvested from your hard disk.

The worm copies itself to the Windows system folder as I1RU54N.EXE and creates the following files in the same folder:

II5NJ4.EXE - a DLL plugin used to load GO54O.EXE
GO54O.EXE - the main DLL component of the worm
I1RU54N4.EXEOPEN - an exact copy of the worm or a copy of the worm in ZIP format

W32/Bagle-F adds the value:

rate.exe = <SYSTEM>\i1ru54n4.exe

to the registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

This means that W32/Bagle-F runs every time you log on to your computer.

W32/Bagle-F also creates the following registry entry:

HKCU\Software\DateTime4\frun=1

W32/Bagle-F also drops several copies of itself in the following folder:

Program files\Common files\Microsoft shared

A more detailed description will follow shortly.

http://www.sophos.com/virusinfo/analyses/w32baglef.html
__________________
Microsoft MVP - Consumer Security 2006 - 2010
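Added example, not part of the original post or the Sophos advisory: a small Python check that looks for the registry values and file names listed above in an exported HKCU hive (`.reg` text) and a listing of the Windows system folder. The function names, the sample export and the sample file listing are constructed for illustration; file and value names are taken exactly as written in the post.

```python
import re

# Indicators exactly as written in the advisory text above.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
MARKER_KEY = r"HKEY_CURRENT_USER\Software\DateTime4"
DROPPED = {"i1ru54n.exe", "ii5nj4.exe", "go54o.exe", "i1ru54n4.exeopen", "i1ru54n4.exe"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample input (not from a real host): .reg export text and a folder listing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\DateTime4]
"frun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"rate.exe"="C:\\WINDOWS\\system32\\i1ru54n4.exe"
'''
SAMPLE_FILES = ["notepad.exe", "GO54O.EXE", "II5NJ4.EXE", "calc.exe"]

def parse_reg_export(text):
    """Parse .reg export text into {key_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            data = m.group(2).strip()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1].replace("\\\\", "\\")  # .reg files escape backslashes
            current[m.group(1).lower()] = data
    return keys

def find_bagle_f(reg_text, system_files):
    """Return (kind, detail) findings; <SYSTEM> varies, so only the file name is matched."""
    keys, findings = parse_reg_export(reg_text), []
    data = keys.get(RUN_KEY.lower(), {}).get("rate.exe")
    if data is not None and data.lower().endswith("\\i1ru54n4.exe"):
        findings.append(("run_value", data))
    if "frun" in keys.get(MARKER_KEY.lower(), {}):
        findings.append(("marker_value", MARKER_KEY + "\\frun"))
    findings += [("dropped_file", n) for n in system_files if n.lower() in DROPPED]
    return findings

if __name__ == "__main__":
    for kind, detail in find_bagle_f(SAMPLE_REG, SAMPLE_FILES):
        print(kind, detail)
```

Registry exports are normally saved as UTF-16, so decode the file to text before passing it in.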