Troj/BagleDl-H is a Windows Trojan downloader that has backdoor functionality.
When run the Trojan attempts to create the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
(Default)
ssgrate.exe
HKCU\Software\DateTime8
The Trojan listens on TCP port 31121 and waits for instructions from a remote attacker.
Troj/BagleDl-H then attempts to download a file from the internet to the Windows folder and run it.
The Trojan may also create a file ban_list.txt in the Windows System folder which is non-malicious and can be safely deleted.
Troj/BagleDl-H also tries to terminate and disable various anti-virus and security-related programs.
Sophos's anti-virus products include proactive protection technology, which can defend against new threats without requiring an update. Sophos customers have been protected against Troj/BagleDl-H (detected as W32/Bagle-Gen) since version 3.86.