Troj/Bagle-TH is a Trojan for the windows platform.
Troj/Bagle-TH pretends to be a software crack. When first run it pops up a window asking the user to locate the program to crack. Once the user selects a program the Tojan will return a message saying "Error. Incorrect file version". It also creates a registry entry under
HKCU\Software\FirstRRRun
Troj/Bagle-TH copies itself under <System>\drivers under the name "hidr.exe". It also changes the <System>\drivers folder attributes to hidden.
Troj/Bagle-TH tries to copy itself to <Program Files>\Messenger\msmsgs.exe. If Windows Messenger exists it will overwrite it.
Troj/Bagle-TH drops a rootkit under <System>\drivers\srosa.sys . The dropped file hides the Trojan. This file is also detected as Troj/Bagle-TH.
Troj/Bagle-TH attempts to access a list of hosts on the Internet.