Has anyone seen this little beauty?

Discussion in 'malware problems & news' started by Rainwalker, Apr 12, 2016.

  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    I-Worm.Bagle.ZIP.Gen (Iworm) If so, what is known about it? Seems to be a variant of an oldie but baddie.
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,079
  3. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Yeah, I don't know much more than that. Strange, in that it seemingly has not reared its ugly head in some time now. Thanks for responding. Anyone else seen it of late?
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Not to go off-topic. But wow, a Google search for "I-Worm.Bagle.ZIP.Gen" really shows how aggressive Enigma's marketing of Spyhunter is with their so-called "removal" guides, so many links to their "removal" guides in the search results :sick:
     
    Last edited: Apr 12, 2016
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,079
    Yes, you're right, SweX. Years ago, for actual removal of Bagle, I used Norton's removal tool if I remember correctly.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Based on my recent searches on it, appears to be more of an "urban legend" perpetuated by those "grayware" security vendors we all know too well.
     
  7. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Hmm, interesting. Am I right in thinking I remember something negative about Spyhunter and that it is best avoided? "Grayware"....This thing just appeared one day. I don't play with any of that "download now for a free scan" stuff. Malwarebytes KEEPS finding it and asks if I want to delete it...and yes, I want to delete it, so....... itman, if it is grayware might it be evolved enough so that Malwarebytes can't dump it? Probably a foolish question.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    There is a thread open on it on the Malwarebytes forum: https://forums.malwarebytes.org/topic/181197-i-wormbaglezipgen/ . Don't know if that is you? Not enough info there to determine anything at this point. This is the only legit source I have seen it referenced so far.

    I am suspicious since I don't see any sigs yet from any major AV players. Did you submit the malware to Virustotal for a scan?
     
  9. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    I had forgotten about Virustotal. It has been a long time since I have picked up anything.....I think. Thanks for the memory jolt. If a file is quarantined can Virustotal find it? I did a scan, but nothing showed.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    No. When quarantined, the file is unreadable. You would have to remove it from quarantine to have it scanned by VT.
     
  11. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    OK...thanks itman.
     