What
is the Beagle.ah worm?
Also known as: WORM_BAGLE.AH, W32/Bagle.ai@MM
Bagle.AH is a worm
that affects Windows XP/2000/NT computers only. Bagle.AH
opens and listens to a TCP port,
waiting for remote connections. By doing so, it
allows hackers
to gain remote control over the affected computer
in order to carry out malicious actions that
would compromise user's confidentiality or impede
normal work.
Bagle.AH ends processes belonging to antivirus
programs and firewalls,
among others. This leaves the affected computer
vulnerable to the attack of other malware.
Aditionally, this worm connects to several web
pages that contain a PHP
script.
It aslo eliminates the entries in the Windows
Registry belonging to several variants
of the worm Netsky.
Bagle.AH spreads via e-mail in a
message with variable characteristics and through
peer-to-peer file sharing programs (P2P).
Displays a false message
as follows:
How to Remove the Beagle.ah Worm?
If Kaspersky detects Bagle.AH during the scan, it
will AUTOMATICALLY offer you the option of
deleting it.
Finally, restore the original configuration of
your computer by following the instructions
below:
- Delete the entry that Bagle.AH has
created in the Windows Registry:
- Click Start > Run.
- Type regedit
Then click OK.
- Navigate to the key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- In the right pane, delete the value:
"reg_key" = "%System%\FUKULAMER.exe"
- Exit the Registry Editor.
- Restart the computer in normal mode.
- Restart the computer.
- In order to make sure that Bagle.AH
is completely eliminated from your computer,
carry out a full scan of your computer using
Kaspersky.
How to Disinfect My Computer from Worms?
In order to keep your computer protected, bear
the following tips in mind:
- If you have filtering tools installed,
configure them to reject messages with the
characteristics described above. If, in spite
of doing this, you receive the message that
contains the virus: do not open it, do not run
the attached file and delete it, making sure
that you also delete it from the Deleted
Items folder.
- Install a good antivirus in your computer.
Select Kaspersky Internet Security to get the Kaspersky antivirus solution that best suits your needs.
- Keep your antivirus updated. If automatic
updates are available, configure your
antivirus to use them.
- Keep your permanent antivirus protection
enabled at all times.
Detect and Removal Instruction for Other
Variants:
| 
