Request Services
  Data Systems Services
  About Data Systems
  News & Announcements
 
Virus Alert
Virus Hoaxes
  Quick Links
  Classroom Reservations
  Equipment Reservations
  Software Downloads
 
Data Systems Only! (Password Protected)
  Live Remote Assistance
 


Bagle.B Worm

02/17/04 - Bagle.B spreads via e-mail. It follows the routine below:

It reaches the computer in an e-mail message that has the following characteristics:

Sender:
Bagle.B spoofs the e-mail address from which is is sent. This may cause confusion. mFor further inforation, click here.

Subject:
ID <random text 1>... thanks

Message:
Yours <random text 2>
--
Thank

Attachments:
The file name is variable, but always has an EXE extension. It has the following icon:


When the attached file is run, the computer is affected.

Bagle.B searches for e-mail addresses in files that have the following extensions: WAB, TXT, HTM and HTML.
It sends itself out to all the addresses it has gathered, excepting those which belong to the mail domains @hotmail.com, @msn.com, @microsoft and @avp, using its own SMTP engine.

Detecting and Eliminating the Virus:
* Remember that Tulane University has a site license for McAfee Virus Scan, and that is the approved

Removal Instructions

Go to the following website for removal instructions:

http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=44777

Download Stinger to Scan for infection:
http://vil.nai.com/vil/stinger

More info on this worm:
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=44777

Back to the top