Aliases
I-Worm.Bagle.f
Type
Win32 worm
Description
W32/Bagle-F is an email worm which sends itself via its own SMTP engine to addresses harvested from your hard disk.
The worm copies itself to the Windows system folder as I1RU54N.EXE and creates the following files in the same folder:
II5NJ4.EXE - a DLL plugin used to load GO54O.EXE
GO54O.EXE - the main DLL component of the worm
I1RU54N4.EXEOPEN - an exact copy of the worm or a copy of the worm in ZIP format
W32/Bagle-F adds the value:
rate.exe = <SYSTEM>\i1ru54n4.exe
to the registry key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
More: http://www.sophos.com/virusinfo/analyses/w32baglef.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic