Troj/BagleDl-AD is a Trojan for the Windows platform.
When first run, Troj/BagleDl-AD copies itself to <Windows system folder>\antiav_exe.exe and creates the file <Windows system folder>\antiav_dll.dll. Both of these files are detected as Troj/BagleDl-AD.
Troj/BagleDl-AD attempts to inject the dropped file antiav_dll.dll into the process explorer.exe.
The following registry entries are created to run antiav_exe.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
auto__antiav__key
<Windows system folder>\antiav_exe.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
auto__antiav__key
<Windows system folder>\antiav_exe.exe
Troj/BagleDl-AD attempts to terminate several processes and services related to anti-virus and security programs, delete related files, modify C:\boot.ini so that related files are deleted on system startup, block access to related websites, and delete related registry entries. It also attempts to delete registry entries at the following locations to stop related files from running on system startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
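The following PowerShell check is an added example, not part of the original description. It looks for the dropped files, the auto__antiav__key Run value and the antiav_dll.dll module in explorer.exe described above. The WOW6432Node key and the SysWOW64 folder are assumptions added to cover a 32-bit sample on 64-bit Windows.

```powershell
# Added example: look for the Troj/BagleDl-AD indicators named in this description.
$valueName = 'auto__antiav__key'
$fileNames = 'antiav_exe.exe', 'antiav_dll.dll'

# Run keys from the description, plus the WOW6432Node view (assumption: covers a
# 32-bit sample writing to HKLM on 64-bit Windows; not stated in the description).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: "<Windows system folder>" is System32, or SysWOW64 after redirection.
$systemDirs = @(
    [Environment]::SystemDirectory
    (Join-Path $env:windir 'SysWOW64')
) | Where-Object { Test-Path -LiteralPath $_ }

$findings = @()

# Persistence: the Run value that starts antiav_exe.exe at logon.
foreach ($key in $runKeys) {
    $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{ Indicator = 'Run value'; Where = $key; Detail = $prop.$valueName }
    }
}

# Dropped files: record a SHA-256 so the sample can be compared or submitted.
foreach ($dir in $systemDirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            $findings += [pscustomobject]@{ Indicator = 'Dropped file'; Where = $path; Detail = $hash }
        }
    }
}

# Injection: the DLL is injected into explorer.exe, so check its loaded modules.
foreach ($proc in Get-Process -Name explorer -ErrorAction SilentlyContinue) {
    try {
        $proc.Modules | Where-Object { $_.ModuleName -ieq 'antiav_dll.dll' } | ForEach-Object {
            $findings += [pscustomobject]@{ Indicator = 'Loaded module'; Where = "explorer.exe PID $($proc.Id)"; Detail = $_.FileName }
        }
    } catch { Write-Warning "Cannot read modules of PID $($proc.Id): $_" }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No Troj/BagleDl-AD indicators found.' }
```

The HKCU check only covers the account running the script, so run it in the affected user's session as well as from an elevated prompt.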