Virus Information
Discovery Date: 03/09/2004
Origin: Unknown
Length: 148,48 bytes (UPX packed)
Type: Virus
SubType: Win32
Virus Characteristics:
This variant is detected as W32/Bagle.gen@MM using the 4333 DATS (with the scanning of compressed files enabled).
This variant does not mass-mail like previous variants.
It attempts to connect to various German and Russian websites and acts as a mail relay.
It attempts to disable various Antivirus programs.
Symptoms
The following files are dropped on to the %SYSDIR% folder:
System.exe - 19, 968 bytes (DLL which acts as a mail relay)
iinj4.exe - 1, 536 bytes (DLL wich loads System.exe)
irun4.exe- 14, 848 bytes (Copy of itself)
The DLL files are detected as W32/Bagle.dll.gen with the 4333 DATS and above.
The DLLS are injected into the Explorer process.
The following Registry key is added to hook system startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\
http://vil.nai.com/vil/content/v_101086.htm

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic