Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 14 November 2005 21:49:52 (GMT) |
| Last updated | 24 November 2005 03:09:30 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/BagleDl-AD is a Trojan for the Windows platform.
When first run, Troj/BagleDl-AD copies itself to <Windows system folder>\antiav_exe.exe and creates the file <Windows system folder>\antiav_dll.dll. Both of these files are detected as Troj/BagleDl-AD.
Troj/BagleDl-AD attempts to inject the dropped file antiav_dll.dll into the process explorer.exe.
The following registry entries are created to run antiav_exe.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
auto__antiav__key
<Windows system folder>\antiav_exe.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
auto__antiav__key
<Windows system folder>\antiav_exe.exe
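
The Run-key entries listed above can be checked for in saved `reg query` output. The following triage helper is an added example, not Sophos code; the function name is hypothetical, the sample output is constructed, and C:\WINDOWS\system32 stands in for <Windows system folder>.

```python
import re

# Indicators taken from the description above.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
VALUE_NAME = "auto__antiav__key"
FILE_NAMES = ("antiav_exe.exe", "antiav_dll.dll")

# A `reg query` value line: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

def find_bagledl_run_entries(reg_query_output):
    """Return (key, value name, data, reasons) for Run values matching the indicators."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # start of a new key section
            continue
        m = VALUE_LINE.match(line)
        # Only values directly under ...\CurrentVersion\Run are of interest here.
        if not m or key is None or not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        name, data = m.group(1), m.group(3).strip()
        reasons = []
        if name.lower() == VALUE_NAME:
            reasons.append("value name")
        # Compare the final path component only, ignoring surrounding quotes.
        leaf = data.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if leaf in FILE_NAMES:
            reasons.append("file name")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits

# Constructed sample: combined `reg query` output for the Run and RunOnce keys.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    auto__antiav__key    REG_SZ    C:\WINDOWS\system32\antiav_exe.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Renamed Entry    REG_SZ    "C:\WINDOWS\system32\antiav_exe.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    auto__antiav__key    REG_SZ    C:\Tools\unrelated.exe
"""

if __name__ == "__main__":
    for key, name, data, reasons in find_bagledl_run_entries(SAMPLE):
        print(f"{key}\\{name} -> {data} ({', '.join(reasons)})")
```

Matching on the file name as well as the value name catches a Run entry whose name differs from the one listed here; the RunOnce entry in the sample is ignored because the description names only the Run keys.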
Troj/BagleDl-AD attempts to terminate several processes and services related to anti-virus and security programs, to delete related files, to modify C:\boot.ini to delete related files on system startup, to block access to related websites, to delete related registry entries, and to delete registry entries at the following location to stop related files from running on system startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

