The Bagle.M's file is a PE executable about 14336 bytes in size packed with UPX file compressor.
When it is run, it copies itself as SYSWRUN4X.EXE file to Windows System folder and creates a startup key for this file in the Registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"usrgtway.exe" = "%winsysdir%\SYSWRUN4X.EXE"
where %winsysdir% represents Windows System folder name.
Then Bagle.M drops 2 more files into Windows System folder: WINDLLZUP.EXE and BGXTDLL.EXE. Both files are DLLs (Dynamic Link Libraries). The WINDLLZUP.EXE is a loader for BGXTDLL.EXE file. It allows both files to become DLLs used by EXPLORER.EXE file (one of the main Windows components).
More here: http://www.f-secure.com/v-descs/bagle_m.shtml
AVG identifies that I have the Bagle.M worm. have tried most published fixes including AVG scans (repaired iinj4.exe), Housecall, which does not identify it , Stinger , etc., but every time I restart the worm is back.
I have tried to remove all the files identified on various websites as part of the problem and even tried to edit the registry but the culprit keys are not there.
I am running WinXPpro and have AVG, Spyblaster, Spywareguard and Spysweeper active. System restore is deactivated.
Can anyone help me to eliminate this worm?
Richard

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic