W32/Bagle.C@mm

Download VIRUSfighter NOW
W32/Bagle.C@mm Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 2/28/2004 • Type: Worm
• Virus characteristics first published: 2/28/2004 • Spreading mechanism:
• Virus characteristics latest update: 6/9/2004 • Overall risk: Medium
• Alias: • Payload: Backdoor, terminates AV update processes
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal

The worm installs a backdoor on the computer. It listens by default on port 2745. This backdoor can f.ex. be used for uploading and executing a program.

It attempts to contact the following web sites:

http://permail.uni-muenster.de/scr.php
http://www.songtext.net/de/scr.php
http://www.sportscheck.de/scr.php

It accesses these web addresses with user ID and port no as parameters; that way the hacker can log who is vulnerable and on which port.

It also looks for and kills the following processes:

ATUPDATER.EXE
AVWUPD32.EXE
AVPUPD.EXE
LUALL.EXE
DRWEBUPW.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
UPDATE.EXE
NUPGRADE.EXE
ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVXQUAR.EXE
CFIAUDIT.EXE
MCUPDATE.EXE
NUPGRADE.EXE
OUTPOST.EXE
AVLTMAIN.EXE

# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter