W32/Bagz.F@mm

• Detected by virus detection files published: 1/31/2005
• Virus characteristics first published: 1/31/2005
• Virus characteristics latest update: 1/31/2005
• Alias: W32/Bagz-F, WORM_BAGZ.F, W32/Bagz.g@MM, I-Worm.Bagz.g, W32.Bagz.H@mm
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista
• Type: Worm
• Spreading mechanism: Email
• Overall risk: None
• Payload:

SandBox analysis:
General information
  • Creating several executable files on hard-drive.
  • File length: 166914 bytes.
Changes to filesystem
  • Creates file C:\WINDOWS\SYSTEM\trace32.exe.
  • Creates file C:\WINDOWS\SYSTEM\sysinfo32.exe.
  • Creates file C:\WINDOWS\SYSTEM\sqlssl.doc                                        .exe.
Changes to registry
  • Creates key "HKLM\System\CurrentControlSet\Services\Xuy v palto".
  • Sets value "ImagePath"="trace32.exe" in key "HKLM\System\CurrentControlSet\Services\Xuy v palto".
  • Sets value "DisplayName"="Windows Secure SSL" in key "HKLM\System\CurrentControlSet\Services\Xuy v palto".
Process/window information
  • Attempts to open trace32.exe -install.
  • Creates service "Xuy v palto (Windows Secure SSL)" as "trace32.exe".