W32/Bagle.AF@mm
• Destructivity:
• Detected by virus detection files published: 7/18/2004
• Type: Worm
• Virus characteristics first published: 7/18/2004
• Spreading mechanism: Email
• Virus characteristics latest update: 11/28/2005
• Overall risk: Low
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista
Email characteristics:
[ General information ]
* Attempts to open C:\WINDOWS\cjector.exe NULL.
* Creating several executable files on hard-drive.
* Attempts to open C:\WINDOWS\SYSTEM\sys_xp.exe NULL.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\cjector.exe.
* Creates file C:\WINDOWS\SYSTEM\sys_xp.exe.
* Creates file C:\MYDOCU~1\MYSHAR~1\Microsoft Office 2003 Crack, Working!.exe.

[ Changes to registry ]
* Deletes each of the following values in both key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" and key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run":
  * "My AV"
  * "Zone Labs Client Ex"
  * "9XHtProtect"
  * "Antivirus"
  * "Special Firewall Service"
  * "service"
  * "Tiny AV"
  * "ICQNet"
  * "HtProtect"
  * "NetDy"
  * "Jammer2nd"
  * "FirewallSvr"
  * "MsInfo"
  * "SysMonXP"
  * "EasyAV"
  * "PandaAVEngine"
  * "Norton Antivirus AV"
  * "KasperskyAVEng"
  * "SkynetsRevenge"
  * "ICQ Net"
* Creates value "key"="C:\WINDOWS\SYSTEM\sys_xp.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".

[ Spreading through P2P networks ]
* P2P worm; drops files in P2P upload/download directory.

[ Process/window information ]
* Creates a mutex MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D.
* Creates a mutex 'D'r'o'p'p'e'd'S'k'y'N'e't'.
* Creates a mutex _-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_.
* Creates a mutex [SkyNet.cz]SystemsMutex.
* Creates a mutex AdmSkynetJklS003.
* Creates a mutex ____--->>>>U<<<<--____.
* Creates a mutex _-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_.