Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 2 November 2005 18:13:09 (GMT) |
| Detected by | All Sophos products |
- Endpoint Security and Control 9.0
- Small business solutions 4.0
Action

Please follow the instructions for removing Trojans.
Please read the instructions for removing Troj/BagleDl-AA.
More Information
Troj/BagleDl-AA is a Trojan for the Windows platform.
Troj/BagleDl-AA attempts to terminate processes and services, delete files and registry entries, and block access to URLs related to anti-virus and security programs.
When first run, Troj/BagleDl-AA copies itself to <System>\antiav_exe.exe and creates the file <System>\antiav_dll.dll. Both of these files are detected as Troj/BagleDl-AA.
Troj/BagleDl-AA attempts to inject the dropped file antiav_dll.dll into the process explorer.exe.
The following registry entries are created to run antiav_exe.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
auto__antiav__key
<System>\antiav_exe.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
auto__antiav__key
<System>\antiav_exe.exe
Troj/BagleDl-AA attempts to terminate several processes and services related to anti-virus and security programs, to delete related files, to modify C:\boot.ini to delete related files on system startup, to block access to related websites, to delete related registry entries, and to delete registry entries at the following locations to stop related files from running on system startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
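
A read-only check for the dropped files and Run entries listed above, as an added example that is not part of the original description. It assumes <System> is the Windows system directory; the SysWOW64 and WOW6432Node locations are an added assumption to cover 32-bit redirection on 64-bit Windows.

```powershell
# Added example: read-only check for the Troj/BagleDl-AA artifacts named on this page.
$valueName = 'auto__antiav__key'
$fileNames = 'antiav_exe.exe', 'antiav_dll.dll'
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

# Assumption: <System> is the system directory; SysWOW64 covers 32-bit redirection.
$systemDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

# HKLM (native and WOW6432Node views) plus every loaded user hive, so the HKCU
# entry is found for all logged-on users, not only the account running the check.
$runKeys = @(
    "Registry::HKEY_LOCAL_MACHINE\$runSubKey",
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runKeys += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)\$runSubKey" }

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        # Report the value data so the launch path can be compared with the description.
        $findings += [pscustomobject]@{
            Type = 'RunValue'; Location = $key; Detail = $item.$valueName
        }
    }
}
foreach ($dir in $systemDirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path -Path $dir -ChildPath $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # Hash the file for later comparison; the file is not opened for writing.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{
                Type = 'DroppedFile'; Location = $path; Detail = $hash
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Troj/BagleDl-AA artifacts from this description were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated prompt so that all loaded user hives are readable. Hives of users who are not logged on are not loaded under HKEY_USERS and are not covered.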
