What is the Beagle.aa worm?
Also known as: Bagle.aa, I-Worm.Bagle.z, W32/Bagle.AB.worm, Win32/Bagle.AB, WORM_BAGLE.Z
This is a new variant of W32/Bagle@MM.
It is packed using UPX.
This is a mass-mailing worm with the following characteristics:
- contains its own SMTP engine to construct outgoing messages
- harvests email addresses from the victim machine
- spoofs the From: address of messages
- the attachment can be a password-protected zip file, with the password included in the message body
- contains a remote access component (a notification is sent to the hacker)
- copies itself to folders that have the phrase "shar" in the name (such as those of common peer-to-peer applications: KaZaa, Bearshare, Limewire, etc.)
When executed, it displays a false message as follows:

How to Remove the Beagle.aa Worm?
Use the powerful McAfee VirusScan 2004 to remove Beagle.aa and any other viruses.
Manual Removal:
To remove this virus "by hand", follow these steps:
- Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, then choose Safe Mode).
- Delete the following files from your WINDOWS System directory (typically C:\Windows\System or C:\Winnt\System32):
  drvddll.exe
  drvddll.exeopen
  drvddll.exeopenopen
- Edit the registry:
  - Delete the "drvddll.exe" value from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Reboot the system into Default Mode
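
The file and registry checks in the manual steps can be scripted. The following PowerShell is an added example, not part of the original removal instructions; the -Remove switch and the use of %WINDIR% to locate the System and System32 folders are assumptions, and it inspects only the Run key of the user running it.

```powershell
# Added example: audit (and optionally clean) the Beagle.aa artifacts listed above.
[CmdletBinding()]
param([switch]$Remove)   # hypothetical switch: without it the script only reports

# File names and the Run value name are the ones given in the removal steps.
$fileNames = 'drvddll.exe', 'drvddll.exeopen', 'drvddll.exeopenopen'
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue  = 'drvddll.exe'

# Assumption: the "typical" system directories are resolved through %WINDIR%.
$sysDirs = @(
    (Join-Path $env:windir 'System'),
    (Join-Path $env:windir 'System32')
) | Where-Object { Test-Path -LiteralPath $_ }

$findings = @()

# Step 1: look for the three dropped files in each system directory.
foreach ($dir in $sysDirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path }
            if ($Remove) { Remove-Item -LiteralPath $path -Force }
        }
    }
}

# Step 2: look for the autostart value in the current user's Run key.
$props = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($props -and ($props.PSObject.Properties.Name -contains $runValue)) {
    $data = $props.$runValue
    $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey\$runValue = $data" }
    if ($Remove) { Remove-ItemProperty -LiteralPath $runKey -Name $runValue }
}

# Report what was found (and removed, if -Remove was given).
if ($findings.Count -eq 0) {
    'None of the listed Beagle.aa artifacts were found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it once without -Remove to see what is present, and on a multi-user machine repeat it under each account, since HKEY_CURRENT_USER is per user.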
Detection and Removal Instructions for Other Variants: