W32/Bagle.AT Worm
| Name | W32/Bagle.AT Worm |
| Aliases | Bagle.AT, W32.Beagle.AV@mm, WORM_BAGLE.AT, Bagle, Beagle |
| Discovered on | 29th October, 2004 |
Virus Information - W32/Bagle.AT Worm:
W32/Bagle.AT is an email worm and a variant of W32/Bagle.A.
The worm infects Windows systems and spreads through email,
shared network drives, the KaZaA P2P software and the network.
The infected email carries a spoofed 'From' address picked at random
from addresses found on the infected system.
The subject of the infected email will be any one of the following.
Re:
Re: Hi
Re: Thank you!
Re: Thanks :)
Re: Hello
The body of the infected email will be any one of the following:
:))
:)
It carries any one of the following infected attachments:
Joke
price
The extension of the attachment may be any one of the following:
.cpl
.scr
.exe
.com
Upon execution of the attachment, the worm copies itself as
wingo.exe, wingo.exeopen and wingo.exeopenopen in
the Windows System folder. It also drops cjector.exe in the
Windows folder.
It alters the Windows registry at the following location so that it is
loaded again at the next startup:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
The worm attempts to create copies of itself in any folder whose name contains the substring 'shar'. The worm files will have the following file names:
ACDSee 9.exe
Adobe Photoshop 9 full.exe
Ahead Nero 7.exe
Kaspersky Antivirus 5.0
KAV 5.0
Matrix 3 Revolution English Subtitles.exe
Microsoft Office 2003 Crack, Working!.exe
Microsoft Office XP working Crack, Keygen.exe
Microsoft Windows XP, WinXP Crack, working Keygen.exe
Opera 8 New!.exe
Porno pics arhive, xxx.exe
Porno Screensaver.scr
Porno, sex, oral, anal cool, awesome!!.exe
Serials.txt.exe
WinAmp 5 Pro Keygen Crack Update.exe
WinAmp 6 New!.exe
Windown Longhorn Beta Leak.exe
Windows Sourcecode update.doc.exe
XXX hardcore images.exe
The worm attempts to connect to a number of websites from its pre-configured list.
To propagate itself, the worm scans files with the following extensions
on the infected system and harvests the email addresses they contain:
.xml, .xls, .wsh, .wab, .uin, .txt, .tbb, .stm, .shtm, .sht, .pl, .php, .oft, .ods, .nch, .msg, .mmf, .mht, .mdx, .mbx, .jsp, .htm, .eml, .dhtm, .dbx, .cgi, .cfg, .asp, .adb
The worm sends a copy of itself to all the collected email addresses using its own SMTP engine.
The worm also tries to terminate antivirus and other security-related software.
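The indicators above (email lure, files dropped into 'shar' folders, and the Run-key persistence) can be turned into simple triage checks. The following is an added example written for this page, not code from the advisory or its vendor; the function names, the case-insensitive folder match and the shape of the Run-key input are assumptions.

```python
"""Triage checks for the W32/Bagle.AT indicators described above (constructed
helper code, not from the advisory; names, inputs and matching rules are assumptions)."""
import os
from pathlib import PureWindowsPath

# Indicators transcribed from the write-up; a triage aid, not a full signature.
SUBJECTS = {"Re:", "Re: Hi", "Re: Thank you!", "Re: Thanks :)", "Re: Hello"}
BODIES = {":))", ":)"}
ATTACH_STEMS, ATTACH_EXTS = {"joke", "price"}, {".cpl", ".scr", ".exe", ".com"}
SYSTEM_DROPS = {"wingo.exe", "wingo.exeopen", "wingo.exeopenopen"}
SHARE_DROPS = {
    "ACDSee 9.exe", "Adobe Photoshop 9 full.exe", "Ahead Nero 7.exe",
    "Kaspersky Antivirus 5.0", "KAV 5.0", "Opera 8 New!.exe", "Serials.txt.exe",
    "Matrix 3 Revolution English Subtitles.exe", "WinAmp 6 New!.exe",
    "Microsoft Office 2003 Crack, Working!.exe", "Porno Screensaver.scr",
    "Microsoft Office XP working Crack, Keygen.exe", "XXX hardcore images.exe",
    "Microsoft Windows XP, WinXP Crack, working Keygen.exe",
    "Porno pics arhive, xxx.exe", "Porno, sex, oral, anal cool, awesome!!.exe",
    "WinAmp 5 Pro Keygen Crack Update.exe", "Windown Longhorn Beta Leak.exe",
    "Windows Sourcecode update.doc.exe",
}

def matches_lure(subject, body, attachment):
    """True when subject, body and attachment name all fit the described email."""
    stem, ext = os.path.splitext(attachment.strip())
    return (subject.strip() in SUBJECTS and body.strip() in BODIES
            and stem.lower() in ATTACH_STEMS and ext.lower() in ATTACH_EXTS)

def is_share_drop(path):
    """True for a worm file name whose immediate folder name contains 'shar'.
    Assumption: the folder match is case-insensitive, as Windows paths are."""
    p = PureWindowsPath(path)
    return p.name in SHARE_DROPS and "shar" in p.parent.name.lower()

def _command_image(cmd):
    """Extract the executable path from a Run-key command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0] if cmd else ""

def suspicious_run_values(run_values):
    """Given {value_name: command} read from the HKCU Run key, return the value
    names whose command launches one of the dropped wingo.exe* files."""
    return sorted(name for name, cmd in run_values.items()
                  if PureWindowsPath(_command_image(cmd)).name.lower() in SYSTEM_DROPS)
```

The Run-key dictionary is expected to come from whatever registry export or enumeration the responder already has; the checks themselves are pure and run on any platform.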