Sophos Anti-Virus IDE alert: W32/Bagle-F

Feb 29, 2004 9:43AM PST

Aliases
I-Worm.Bagle.f

Type
Win32 worm

Description
W32/Bagle-F is an email worm which sends itself via its own SMTP engine to addresses harvested from your hard disk.
The worm copies itself to the Windows system folder as I1RU54N.EXE and creates the following files in the same folder:

II5NJ4.EXE - a DLL plugin used to load GO54O.EXE
GO54O.EXE - the main DLL component of the worm
I1RU54N4.EXEOPEN - an exact copy of the worm or a copy of the worm in ZIP format

W32/Bagle-F adds the value:

rate.exe = <SYSTEM>\i1ru54n4.exe

to the registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run


More: http://www.sophos.com/virusinfo/analyses/w32baglef.html
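An added example, not part of the original post or the Sophos analysis: a Python check of collected triage data (a listing of the Windows system folder and the values exported from the Run key) against the file names and registry value named in the alert. The function name `check_bagle_f` and the sample data are constructed for illustration.

```python
import ntpath

# Indicators exactly as listed in the alert above. Comparison is
# case-insensitive, as Windows file names and registry value names are.
BAGLE_F_FILES = {"i1ru54n.exe", "ii5nj4.exe", "go54o.exe", "i1ru54n4.exeopen"}
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "rate.exe"
RUN_VALUE_FILE = "i1ru54n4.exe"


def check_bagle_f(system_files, run_values):
    """Return a list of (kind, detail) findings.

    system_files: iterable of file names found in the Windows system folder.
    run_values:   dict of value name -> data exported from RUN_KEY.
    """
    findings = []
    for name in system_files:
        if name.lower() in BAGLE_F_FILES:
            findings.append(("file", name))
    for value_name, data in run_values.items():
        # Drop surrounding quotes and keep the file name part. ntpath splits
        # on backslashes on any OS, so exported paths parse off-host too.
        target = ntpath.basename(data.strip().strip('"')).lower()
        name_hit = value_name.lower() == RUN_VALUE_NAME
        target_hit = target == RUN_VALUE_FILE or target in BAGLE_F_FILES
        if name_hit or target_hit:
            findings.append(("run", f"{value_name} = {data}"))
    return findings


if __name__ == "__main__":
    # Constructed sample triage data, not taken from a real host.
    sample_files = ["kernel32.dll", "GO54O.EXE", "notepad.exe", "ii5nj4.exe"]
    sample_run = {
        "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
        "rate.exe": r"C:\WINDOWS\system32\i1ru54n4.exe",
    }
    for kind, detail in check_bagle_f(sample_files, sample_run):
        print(f"[{kind}] {detail}")
```

A hit on the value name alone is a lead to review, since an unrelated program could register a Run value with the same name.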