W32/Bagle-QW

Category: Viruses and spyware. Protection available since: 12 Dec 2006 00:00:00 (GMT)
Type: Win32 worm. Last updated: 12 Dec 2006 00:00:00 (GMT)
Prevalence:


To remove Bagle you can download the Sophos Bagle Removal Tool.

W32/Bagle-QW is a worm for the Windows platform.

W32/Bagle-QW spreads via email within a ZIP file.

W32/Bagle-QW includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, W32/Bagle-QW copies itself to:

<User>\Application Data\hidn\hidn2.exe
<User>\Application Data\hidn\hldrrr.exe

and creates the following files:

\error.txt - harmless file
\temp.zip - also detected as W32/Bagle-QW

The following registry entry is created to run hidn2.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
drv_st_key
<User>\Application Data\hidn\hidn2.exe

W32/Bagle-QW sets the following registry entry, disabling the automatic startup of other software (here the Automatic Updates service, wuauserv; a Start value of 4 means the service is disabled):

HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
Start
4

Registry entries are created under:

HKCU\Software\FirstRun

Emails sent by the worm have the following characteristics:

Subject line chosen from:
new <date>
price<date>
price_ <date>
price_new <date>

The message text may be empty.

The attached file is named:
new_price<date>.zip
price_list<date>.zip
latest_price<date>.zip

<date> is the date the email was sent, in the format 12-Dec-2006.
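The subject and attachment naming above is rigid enough to check at the mail gateway. The following is an added example, not Sophos code, that scores a message's already-extracted subject, attachment names and body against those characteristics; it assumes the mail metadata has been parsed out beforehand.

```python
import re
from datetime import datetime

# Date token as the advisory describes it, e.g. 12-Dec-2006
DATE_RE = r"(\d{2}-[A-Z][a-z]{2}-\d{4})"

# Subject lines and attachment names listed in the advisory, with <date>
# replaced by the date pattern. Anchored so "price" alone matches nothing else.
SUBJECT_RE = re.compile(r"^(?:new |price|price_ |price_new )" + DATE_RE + r"$")
ATTACHMENT_RE = re.compile(
    r"^(?:new_price|price_list|latest_price)" + DATE_RE + r"\.zip$", re.IGNORECASE)


def _date_token(regex, text):
    """Return the embedded date if text matches regex and the date is real."""
    m = regex.match(text.strip())
    if not m:
        return None
    try:
        datetime.strptime(m.group(1), "%d-%b-%Y")
    except ValueError:
        return None  # e.g. 31-Feb-2006 has the right shape but is not a date
    return m.group(1)


def classify_email(subject, attachments, body=""):
    """Score one message against the Bagle-QW mail characteristics.

    Verdict is 'match' when the subject and an attachment both match and carry
    the same date, 'suspicious' when only one side matches or the dates
    disagree, and 'clean' otherwise. The empty-body flag is reported as a
    supporting signal only, since it is not specific to this worm.
    """
    subject_date = _date_token(SUBJECT_RE, subject)
    attachment_dates = [d for d in (_date_token(ATTACHMENT_RE, a) for a in attachments) if d]
    if subject_date and subject_date in attachment_dates:
        verdict = "match"
    elif subject_date or attachment_dates:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"subject_date": subject_date, "attachment_dates": attachment_dates,
            "empty_body": body.strip() == "", "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample messages, not real captures
    samples = [
        ("price_new 12-Dec-2006", ["latest_price12-Dec-2006.zip"], ""),
        ("Re: invoice", ["report.pdf"], "see attached"),
        ("price31-Feb-2006", ["new_price31-Feb-2006.zip"], ""),
    ]
    for s in samples:
        print(classify_email(*s)["verdict"], "<-", s[0])
```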
