A new computer virus carrying the innocent name Beagle (or Bagle) is running around the Internet without a leash. The virus, discovered Sunday 18 Jan 2004, is a mass-mailing worm that arrives in user in-boxes as an attachment to an E-mail message. The offending message has a subject line reading "Hi" and body text starting with "Test =)" and ending with "Test, yep."
If users double-click on the attachment, they unwittingly become a staging ground for the virus to spread itself as the toxic message shoots out to addresses on the hard drive.
Once running, the Beagle virus (W32/Bagle-A) appears in the Windows task list with the name "bbeagle". You will need to end this task before you can delete the infected file from your System folder. Ending the task can be done with the Task Manager.
To pop up the Task Manager, press Ctrl-Alt-Del on Windows 98/Me, or Ctrl-Shift-Esc on Windows 2000/XP. Look for a process called "bbeagle". If you find a process with this name, stop it (use "End Task" on Windows 98/Me, or "End Process" from the "Processes" tab on Windows 2000/XP).
Find and delete the d3dupdate.exe and bbeagle.exe files.
Or you can download and run the McAfee Stinger software to remove the virus. Alternatively, use Symantec Removal Tools.
How the virus came into the system:
It arrives in an email with the following characteristics:
Subject line: Hi
Attached file: randomname.exe
Message body:
Test =)
[random characters]
--
Test, yep.
The attached file has the icon of the familiar Windows Calculator application. The worm deliberately launches the Calculator application as a disguise.
W32/Bagle-A copies itself to bbeagle.exe in the Windows system folder and sets the following registry entry to ensure the worm is run at logon:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe
The worm also sets the following registry entries:
HKCU\Software\Windows98\uid
HKCU\Software\Windows98\frun
W32/Bagle-A includes a backdoor component which listens on TCP port 6777. This allows an attacker to upload and execute arbitrary programs on infected computers.
Once a computer is infected, the worm trawls the system for e-mail addresses, randomly selects a sender e-mail address, and mass-mails the virus out.
This creature is also known as I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates].
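The indicators described above (the Run value, the two Windows98 registry values, the "bbeagle" process and the listener on TCP port 6777) can be checked together from saved text output of `reg query`, `netstat -an` and `tasklist`. The following is an added example, not part of the original article or any vendor tool; the function names, the assumed output layout and the sample data are constructed for illustration.

```python
import re

# Indicators as listed in the write-up above (compared case-insensitively).
RUN_KEY = r"hkcu\software\microsoft\windows\currentversion\run"
MARKER_KEY = r"hkcu\software\windows98"
BACKDOOR_PORT = "6777"

def registry_hits(reg_text):
    """Scan `reg query`-style text: unindented key lines, indented value lines."""
    hits, key = [], ""
    for line in reg_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # key header line
            key = line.strip().lower().replace("hkey_current_user", "hkcu")
            continue
        name = re.split(r"\s{2,}", line.strip())[0].lower()
        if (key == RUN_KEY and name == "d3dupdate.exe") or \
           (key == MARKER_KEY and name in ("uid", "frun")):
            hits.append(key + "\\" + name)
    return hits

def backdoor_listening(netstat_text):
    """True only if a local TCP socket is LISTENING on the backdoor port."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING" \
                and f[1].rsplit(":", 1)[-1] == BACKDOOR_PORT:
            return True
    return False

def worm_process_running(tasklist_text):
    """True if an image named bbeagle (with or without .exe) is listed."""
    names = (l.split()[0].lower() for l in tasklist_text.splitlines() if l.split())
    return any(n in ("bbeagle", "bbeagle.exe") for n in names)

# Constructed sample output (not captured from a real host; value data is made up).
SAMPLE_REG = """HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    d3dupdate.exe    REG_SZ    C:\\WINDOWS\\System32\\bbeagle.exe

HKEY_CURRENT_USER\\Software\\Windows98
    uid    REG_SZ    PLACEHOLDER
    frun    REG_SZ    PLACEHOLDER
"""
SAMPLE_NETSTAT = """  TCP    0.0.0.0:135      0.0.0.0:0          LISTENING
  TCP    0.0.0.0:6777     0.0.0.0:0          LISTENING
  TCP    10.0.0.5:1042    192.0.2.9:6777     ESTABLISHED
"""
SAMPLE_TASKS = """explorer.exe      1480 Console   0   18,204 K
bbeagle.exe       2012 Console   0    3,112 K
"""
```

Only a local listener counts as a port hit: an outbound connection to some other host's port 6777, or a listener on a port that merely ends in 6777, is not flagged.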