
W32/Bagle.m

Mar 9, 2004 2:08AM PST

Virus Information
Discovery Date: 03/09/2004
Origin: Unknown
Length: 14,848 bytes (UPX packed)
Type: Virus
SubType: Win32

Virus Characteristics:
This variant is detected as W32/Bagle.gen@MM using the 4333 DATS (with the scanning of compressed files enabled).

This variant does not mass-mail like previous variants.

It attempts to connect to various German and Russian websites and acts as a mail relay.

It attempts to disable various Antivirus programs.

Symptoms
The following files are dropped into the %SYSDIR% folder:

System.exe - 19,968 bytes (DLL which acts as a mail relay)
iinj4.exe - 1,536 bytes (DLL which loads System.exe)
irun4.exe - 14,848 bytes (Copy of itself)
The DLL files are detected as W32/Bagle.dll.gen with the 4333 DATS and above.

The DLLs are injected into the Explorer process.

The following Registry key is added to hook system startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\

http://vil.nai.com/vil/content/v_101086.htm
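
An added example, not part of the original post or the vendor write-up: a triage check that looks in a directory for the three dropped file names listed under Symptoms and compares their sizes. The function name, the constructed sample directory and the default of `System32` for %SYSDIR% are assumptions of this example.

```python
import os
import sys
import tempfile

# File names and sizes (bytes) as listed in the post's Symptoms section.
DROPPED_FILES = {
    "system.exe": 19968,
    "iinj4.exe": 1536,
    "irun4.exe": 14848,
}


def scan_for_bagle_m(sysdir):
    """Return sorted (filename, size, verdict) tuples for matching file names.

    verdict is "name+size" for an exact match, or "name-only" when the size
    differs (a repacked variant or an unrelated file that needs manual review).
    """
    findings = []
    try:
        entries = list(os.scandir(sysdir))
    except OSError:
        return findings  # directory missing or unreadable
    for entry in entries:
        # Windows file names are case-insensitive, so compare in lower case.
        expected = DROPPED_FILES.get(entry.name.lower())
        if expected is None or not entry.is_file(follow_symlinks=False):
            continue
        size = entry.stat(follow_symlinks=False).st_size
        verdict = "name+size" if size == expected else "name-only"
        findings.append((entry.name, size, verdict))
    return sorted(findings)


def demo():
    # Constructed sample directory standing in for %SYSDIR%.
    samples = (("System.exe", 19968), ("IRUN4.EXE", 100), ("notepad.exe", 1536))
    with tempfile.TemporaryDirectory() as d:
        for name, size in samples:
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"\0" * size)
        return scan_for_bagle_m(d)


if __name__ == "__main__":
    # Assumption: %SYSDIR% is <SystemRoot>\System32 unless a path is given.
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for name, size, verdict in scan_for_bagle_m(sys.argv[1] if len(sys.argv) > 1 else default):
        print(f"{verdict}: {name} ({size} bytes)")
```

A name-only hit is a lead for manual review, not a detection; confirm with an up-to-date scanner.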
