Need help? Ask the community or hire an expert.
Go to Avira Answers
Size:17.924 Bytes 
Damage:It sends by email the Trojan version TR/Bagle.AL 
VDF Version: 

General DescriptionAffected systems:
Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP

DistributionThis worm searches for email addresses on the system and sends an email to them. The attachment is presented in "TR/Bagle.AL" description.
The worm also copies itself with 19 different file names, in all directories containing "shar" string in their name. This procedure ensures that the worm file is saved in various P2P forms.

The list of file names:
ACDSee 9.exe
Adobe Photoshop 9 full.exe
Ahead Nero 7.exe
Kaspersky Antivirus 5.0
KAV 5.0
Matrix 3 Revolution English Subtitles.exe
Microsoft Office 2003 Crack, Working!.exe
Microsoft Office XP working Crack, Keygen.exe
Microsoft Windows XP, WinXP Crack, working Keygen.exe
Opera 8 New!.exe
Porno pics arhive, xxx.exe
Porno Screensaver.scr
Porno, sex, oral, anal cool, awesome!!.exe
WinAmp 5 Pro Keygen Crack Update.exe
WinAmp 6 New!.exe
Windown Longhorn Beta Leak.exe
Windows Sourcecode update.doc.exe
XXX hardcore images.exe

The emails sent by the worm, contain:
Subject: foto
Body: foto
Attachment: or

Technical DetailsWhen activated, the worm makes the following registry entry:

It deletes the following entries:
"My AV" in key "
"Zone Labs Client Ex"
"Zone Labs Client Ex"
"9XHtProtect" in key "
"9XHtProtect" in key "
"Antivirus" in key "
"Antivirus" in key "
"Special Firewall Service" in key "
"Special Firewall Service" in key "
"service" in key "
"service" in key "
"Tiny AV" in key "

Worm copies are created in the system directory:
Description inserted by Crony Walker on Tuesday, June 15, 2004

Back . . . .