W32/Bagle.AE@mm

Download VIRUSfighter NOW
W32/Bagle.AE@mm Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 7/16/2004 • Type:
• Virus characteristics first published: 7/16/2004 • Spreading mechanism: Email, Other
• Virus characteristics latest update: 12/3/2004 • Overall risk: Low
• Alias: Bagle.AF • Payload:
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal

[ General information ]
    * Attemps to open C:\WINDOWS\SYSTEM\sysxp.exe NULL.
    * File length:        21718 bytes.
    * Total emulation cycles required:      4167255.

 [ Changes to filesystem ]
    * Creates file C:\WINDOWS\SYSTEM\sysxp.exe.
    * Creates file C:\MYDOCU~1\MYSHAR~1\Microsoft Office 2003 Crack, Working!.exe.

 [ Changes to registry ]
    * Deletes value "My AV" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "My AV" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Zone Labs Client Ex" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Zone Labs Client Ex" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "9XHtProtect" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "9XHtProtect" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Antivirus" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Antivirus" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Special Firewall Service" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Special Firewall Service" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "service" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "service" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Tiny AV" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Tiny AV" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "ICQNet" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "ICQNet" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "HtProtect" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "HtProtect" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "NetDy" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "NetDy" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Jammer2nd" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Jammer2nd" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "FirewallSvr" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "FirewallSvr" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "MsInfo" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "MsInfo" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "SysMonXP" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "SysMonXP" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "EasyAV" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "EasyAV" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "PandaAVEngine" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "PandaAVEngine" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Norton Antivirus AV" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "Norton Antivirus AV" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "KasperskyAVEng" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "KasperskyAVEng" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "SkynetsRevenge" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "SkynetsRevenge" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "ICQ Net" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
    * Deletes value "ICQ Net" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Creates value "key"="C:\WINDOWS\SYSTEM\sysxp.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".

 [ Spreading through P2P networks ]
    * P2P worm; drops files in P2P upload/download directory.

 [ Process/window information ]
    * Creates a mutex MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D.
    * Creates a mutex 'D'r'o'p'p'e'd'S'k'y'N'e't'.
    * Creates a mutex _-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_.
    * Creates a mutex [SkyNet.cz]SystemsMutex.
    * Creates a mutex AdmSkynetJklS003.
    * Creates a mutex ____--->>>>U<<<<--____.
    * Creates a mutex _-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_.
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter