W32/Bagle.AK

• Detected by virus detection files published: 8/31/2004
• Virus characteristics first published: 8/31/2004
• Virus characteristics latest update: 11/28/2005
• Type: Security Risk, Worm
• Spreading mechanism: Other
• Overall risk: Low
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista


This description is based on Norman's Sandbox analysis.

foto1.exe : [SANDBOX] contains a security risk - W32/Malware

[ General information ] 
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. 
* Creates several executable files on the hard drive.
* File length: 12800 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\doriot.exe.
* Creates file C:\WINDOWS\SYSTEM\gdqfw.exe.
* Deletes file C:\WINDOWS\_re_file.exe. 

[ Changes to registry ]
* Creates value "wersds.exe"="C:\WINDOWS\SYSTEM\doriot.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "wersds.exe"="C:\WINDOWS\SYSTEM\doriot.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
* Enumerates running processes several passes.
