W32/Bagle.J@mm

  
• Detected by virus detection files published: 3/3/2004
• Type: Worm
• Virus characteristics first published: 3/3/2004
• Spreading mechanism: Email, Network
• Virus characteristics latest update: 3/29/2004
• Overall risk: Low
• Alias:
• Payload: Backdoor, terminates AV processes
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista


The worm installs a backdoor on the computer. By default it listens on port 2745. The backdoor can be used, for example, to upload and execute a program.

It attempts to contact the following web sites:

http://postertog.de/scr.php
http://www.gfotxt.net/scr.php
http://www.mailklibis.de/scr.php

This way the hacker can log who is vulnerable. However, these scripts appear not to be active.
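As an added example (not part of the original write-up), the following Python code checks log lines against the two network indicators described above: the default backdoor port 2745 and the three scr.php URLs. The log line formats, host addresses, query string and function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

BACKDOOR_PORT = 2745  # default listening port given in the write-up
CALLBACK_URLS = (
    "http://postertog.de/scr.php",
    "http://www.gfotxt.net/scr.php",
    "http://www.mailklibis.de/scr.php",
)
# Compare on (host, path) so query strings and letter case do not hide a match.
CALLBACKS = {(urlsplit(u).hostname, urlsplit(u).path) for u in CALLBACK_URLS}

def is_callback(url):
    parts = urlsplit(url)
    return ((parts.hostname or "").lower(), parts.path.lower()) in CALLBACKS

def triage(proxy_lines, listener_lines):
    """Return {host: sorted reasons} for hosts matching either indicator."""
    findings = {}
    for line in proxy_lines:      # assumed format: "<client> <method> <url>"
        fields = line.split()
        if len(fields) == 3 and is_callback(fields[2]):
            reason = "callback:" + urlsplit(fields[2]).hostname
            findings.setdefault(fields[0], set()).add(reason)
    for line in listener_lines:   # assumed format: "<host> <addr>:<port> <state>"
        fields = line.split()
        if len(fields) == 3 and fields[2] == "LISTEN":
            # Exact port comparison: 27450 must not match 2745.
            if fields[1].rsplit(":", 1)[-1] == str(BACKDOOR_PORT):
                findings.setdefault(fields[0], set()).add(
                    "listener:port %d" % BACKDOOR_PORT)
    return {host: sorted(reasons) for host, reasons in findings.items()}

# Constructed sample data (not captured from a real network).
PROXY = [
    "10.0.0.5 GET http://www.gfotxt.net/scr.php?p=2745&id=1",
    "10.0.0.6 GET http://example.org/scr.php",
    "10.0.0.7 GET http://POSTERTOG.de/scr.php",
]
LISTENERS = [
    "10.0.0.5 0.0.0.0:2745 LISTEN",
    "10.0.0.8 0.0.0.0:27450 LISTEN",
    "10.0.0.9 0.0.0.0:2745 TIME_WAIT",
]

if __name__ == "__main__":
    for host, reasons in sorted(triage(PROXY, LISTENERS).items()):
        print(host, ", ".join(reasons))
```

A host that matches both indicators, as 10.0.0.5 does in the sample, is the strongest candidate for follow-up.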

The worm also looks for and terminates the following security processes:

  • ATUPDATER.EXE
  • AVWUPD32.EXE
  • AVPUPD.EXE
  • LUALL.EXE
  • DRWEBUPW.EXE
  • ICSSUPPNT.EXE
  • ICSUPP95.EXE
  • UPDATE.EXE
  • NUPGRADE.EXE
  • ATUPDATER.EXE
  • AUPDATE.EXE
  • AUTODOWN.EXE
  • AUTOTRACE.EXE
  • AUTOUPDATE.EXE
  • AVXQUAR.EXE
  • CFIAUDIT.EXE
  • MCUPDATE.EXE
  • NUPGRADE.EXE
  • OUTPOST.EXE
  • AVLTMAIN.EXE