Sophos

W32/Bagle-G

Aliases
  • I-Worm.Bagle.f
  • Win32/Bagle.G
  • W32.Beagle.G@mm
  • WORM_BAGLE.G

Summary

Included in our products since April 2004 (3.80)
Protection available since 1 March 2004 04:33:47 (GMT)
Detected by all Sophos products

Action

See the information on removing worms.

Windows NT/2000/XP/2003

On Windows NT/2000/XP/2003 you will need to edit the following registry entries that the worm modified (optional on Windows 95/98/Me).

Run Start|Run. Type 'Regedit' and click OK.

Before modifying the system registry you should back it up to a file. In the Registry Editor window, run 'Export Registry File' from the 'Registry' menu and select 'All' under 'Export range'.

Each user on the system has an area in the registry of the form HKEY_USERS\[user ID]\. For each user, locate and delete any reference to the worm in:

HKU\[user ID]\Software\Microsoft\Windows\CurrentVersion\Run

Close the Registry Editor.

More information

NOTE: W32/Bagle-G may also arrive in a password-protected archive, which is not detected by this identity.

W32/Bagle-G is an email worm that uses its own SMTP engine to send itself to every address found on the hard disk.

W32/Bagle-G also spreads through file-sharing networks.

The worm copies itself to the Windows System folder as I1RU54N4.EXE and creates the following files in the same folder:

II5NJ4.EXE, a DLL used to load GO54O.EXE (detected by Sophos as W32/Bagle-F)
GO54O.EXE, the main component of the worm
I1RU54N4.EXEOPEN, a copy of the worm or a ZIP archive (which may be password protected)

W32/Bagle-G creates the following registry entry so that it runs at system startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
rate.exe = <SYSTEM>\i1ru54n4.exe

The worm also creates the following entry:

HKCU\Software\winword\frun = 1
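The manual Regedit procedure in the Action section above has to be repeated for every user hive under HKEY_USERS. The script below is an added example, not Sophos code, that automates that step for the two registry entries just listed: it walks each loaded hive, reports any Run value whose data points at i1ru54n4.exe and any winword\frun marker, and removes them only when called with -Remove, after exporting HKEY_USERS to a .reg file as the recovery steps advise. It assumes the image name i1ru54n4.exe and the key Software\winword exactly as this page gives them; the backup location under %TEMP% and the function name are the author's own choices. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not Sophos code): find and optionally remove the W32/Bagle-G
# persistence entries described on this page, across every loaded user hive.
# Assumptions: worm image name i1ru54n4.exe and marker key Software\winword as
# listed above; backup path under $env:TEMP is arbitrary.
function Find-BagleGPersistence {
    param([switch]$Remove)

    $wormImage = 'i1ru54n4.exe'
    $runKeyRel = 'Software\Microsoft\Windows\CurrentVersion\Run'
    $markerRel = 'Software\winword'
    # Properties the registry provider adds to every Get-ItemProperty result.
    $metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    if ($Remove) {
        # Back up HKEY_USERS before touching anything, as the recovery steps advise.
        $backup = Join-Path $env:TEMP ('HKU-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
        & reg.exe export HKU $backup /y | Out-Null
        Write-Verbose "Registry backup written to $backup"
    }

    # One subkey per loaded user hive (SIDs and .DEFAULT); *_Classes hives hold no Run key.
    Get-ChildItem -Path Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $hive   = $_.PSPath
            $runKey = Join-Path $hive $runKeyRel
            if (Test-Path -Path $runKey) {
                $values = Get-ItemProperty -Path $runKey
                foreach ($v in $values.PSObject.Properties) {
                    if ($metaProps -contains $v.Name) { continue }
                    # Match on the data, not the value name: the page lists the value as
                    # "rate.exe", but it is the data that points at the worm image.
                    if ("$($v.Value)" -match [regex]::Escape($wormImage)) {
                        [pscustomobject]@{ Hive = $_.PSChildName; Key = $runKeyRel; Name = $v.Name; Data = $v.Value }
                        if ($Remove) { Remove-ItemProperty -Path $runKey -Name $v.Name }
                    }
                }
            }
            $marker = Join-Path $hive $markerRel
            if (Test-Path -Path $marker) {
                $m = Get-ItemProperty -Path $marker -ErrorAction SilentlyContinue
                if ($m -and $m.frun -eq 1) {
                    [pscustomobject]@{ Hive = $_.PSChildName; Key = $markerRel; Name = 'frun'; Data = 1 }
                    if ($Remove) { Remove-Item -Path $marker -Recurse }
                }
            }
        }
}

# Report only; add -Remove to delete what it finds (a .reg backup is written first).
Find-BagleGPersistence | Format-Table -AutoSize
```

Only hives that are currently loaded appear under HKEY_USERS, so users who are not logged on are not covered; load their NTUSER.DAT with 'reg load' first, or run the check under each account.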

W32/Bagle-G arrives in an email with the following characteristics:

Subjects: Hokki =) Weah, hello! :-) Weeeeee! :))) Hi! :-) My Name is Frenk groom Fotograf Photoalbum My photoalbum Myphotos My photos My beautiful person beautiful Wau... beautiful (-: Gallery photos caroline Katrina kleopatra Caitie Mary-Anne Lisa Bad girl Julie Aline Anna Barbi Katrina Juli Mary Mandy Sara rebecca Jammie kate Audra stacy Rena Kelley Tammy ello! =)) Hey, ya! =)) ^_^ meay-meay! ^_^ meay-meay! ^_^ mew-mew (-: Hey, dude, it's me ^_^ :P

Messages: Argh, i don't like the plaintext :) Fell free to chat with me I accept all ages. Don't worry I don't bite........ hope to hear from you soon!

If you are going to make me cry, at least be there to wipe away the tears *Right now the worst thing for you to tell me that I can find someone better thanyou, especially when you are all I want

You don't know what you've got till it's gone *You hurt me more than I deserve, how can you be so cruel? I love you more thanyou deserve, how can I be such a fool?

I sit with elders of a gentle race, whose world is seldom seen.Who sit and talk of days for which they wait, when all will be revealed. These are song lyrics.

I'm a social butterfly and a natural flirt. Very hard to get my complete attention. Very open and will answer almost anything. But please don't piss me off.I can be sweet and cuddly or a whatever mood I am in that day so everyday

Love the outdoors, literature, writing, and athletics

When The Trust is Gone So Is The Love That Fades Like the Rain Washing Away All The Sorrows Of Yesterday Why I Ask Myself Must It End Like This Tomorrow, I Tell Myself, I'll Be Okay For Now, I'll Just Live In The Memories Of Our Life Together

I enjoy clean conversations but am open to conversing with women and men with little ones as well. I am very open-minded. All authorization requests will be denied if I don't receive messages and get to know you first.

I love camping, dirt track racing, going for walks, and I have 2 cats - HotRod and Deebo (named from the movie 'Friday' and he lives up to it!).Life is ever changing, never always easy...

i love to chat to just about anyone!!

If I'm online, it problably means I'm pretty bored....so feel free to message me and say hi or whatever else comes to mind at the moment.

Hey people whats goin on? If there is anything you want to know about me ask me... I am pretty easygoing I won't bite....not at first anywayz hahaa..... one thing I will say on here tho I am not into the Cyber thing so don't even ask.....Ciao...

Hi! My name is Shreya and I am a goof off!!! So,If you love the outdoors, travelling, books, music, movies, laffing, teasingand/or can poke fun at yourself... please come a hollerin'!!

I love to dance, read poetry, make people laugh, and hug as many people a day as i can.

Single Mom of 3,Full time college student, Graduate in December with an Associates of Applied Science in Computer Information Systems Love the internet.

My hobbies include crochet, sewing, painting lead figures and playing AD&D. Favorite activities include fishing and camping. I love cats, unicorns(go figure), and fantasy in general.

I like to be in a company of smart, delicate, and with a good sense of humor people. I am Bulgarian, currently getting my Master's in International Business in USA. Favorite actor: Michael Dudikoff

i'm tall and skiny I'm studying in Pharm. D program in FL. i like music, movie, dancing, sports, SCUBA diving, traveling and make a lot friends.

Nice friends, nice men, nice sex and feeling great. I don't mind the odd bout of cybersex as I love to use my imagination when I masterbate.

Hey, guys! by the way, I have no problems with my sexual life, soit's absolutly useless try to have icq sex or things like that. Thanks

I'm an open minded person and enjoy chatting w/ other people.I'm free and willing to chat about anything.So feel free to Imed me if you wanna chat.

I love meeting new people and making new friends. I am a Mary Kay Beauty Consultant. I am married to a wonderful man. We have no children, exept for a minature schnauzer that thinks he is a child. Looking forward to meeting you.

I am from Taiwan but I study in Camden, New Jersey now. I like to know people from different places .

I'm married and I stay at home. And I don't do cyber sex so leave me the fuck alone

Looking forward for a response :P

Note: if the attached file is a password-protected ZIP, the message text can end with one of the following:

archive password: <number>
password: <number>
pass: <number>
password for archive: <number>

Attachment (with EXE, SCR or ZIP extension): Picture, caroline, Katrina, kleopatra, Caitie, Mary-Anne, Lisa, Bad girl, Julie, Aline, Anna, Barbi, Katrina, Juli, Mary, Mandy, Sara, rebecca, Jammie, kate, Audra, stacy, Rena, Kelley, Tammy, myfotos, Gallery, It_I, Photoalbum, Photomontage

W32/Bagle-G copies itself to every folder whose name contains the string 'shar' (for example C:\Program Files\Common Files\Microsoft Shared) under the following names:

Microsoft Office 2003 Crack, Working!.exe
Microsoft Office XP working Crack, Keygen.exe
Microsoft Windows XP, WinXP Crack, working Keygen.exe
Porno Screensaver.scr
Porno, sex, oral, anal cool, awesome!!.exe
Porno pics arhive, xxx.exe
Serials.txt.exe
Windown Longhorn Beta Leak.exe
Windows Sourcecode update.doc.exe
XXX hardcore images.exe
Opera 8 New!.exe
WinAmp 5 Pro Keygen Crack Update.exe
WinAmp 6 New!.exe
Matrix 3 Revolution English Subtitles.exe
Adobe Photoshop 9 full.exe
Ahead Nero 7.exe
ACDSee 9.exe

W32/Bagle-G opens port 2745 and waits for instructions from the attacker, who can then copy and run files on the machine. The worm also contacts a website to report that it is available and where it is located.
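The file names dropped into 'shar' folders and the backdoor port described in the two passages above are the host indicators a responder would sweep for. The script below is an added example, not Sophos code, that looks for the files this page lists (the copies in the Windows System folder and the lures in any folder whose name contains 'shar') and for a process listening on port 2745. Its assumptions are its own: the Windows System folder is taken to be %SystemRoot%\System32, every fixed drive is walked for 'shar' folders, the backdoor is treated as a TCP listener (the page says only "port 2745"), and Get-NetTCPConnection is used, which exists on Windows 8 / Server 2012 and later; on older systems replace that part with 'netstat -ano' and match the PID column by hand.

```powershell
# Added example (not Sophos code): sweep a host for the W32/Bagle-G files and
# backdoor listener described on this page.
# Assumptions: System folder = $env:SystemRoot\System32; 'shar' folders are
# searched on every fixed drive; port 2745 is a TCP listener; Get-NetTCPConnection
# is available (Windows 8 / Server 2012 or later).
$systemDrops = 'i1ru54n4.exe', 'i1ru54n4.exeopen', 'ii5nj4.exe', 'go54o.exe'
$shareDrops = @(
    'Microsoft Office 2003 Crack, Working!.exe'
    'Microsoft Office XP working Crack, Keygen.exe'
    'Microsoft Windows XP, WinXP Crack, working Keygen.exe'
    'Porno Screensaver.scr'
    'Porno, sex, oral, anal cool, awesome!!.exe'
    'Porno pics arhive, xxx.exe'
    'Serials.txt.exe'
    'Windown Longhorn Beta Leak.exe'
    'Windows Sourcecode update.doc.exe'
    'XXX hardcore images.exe'
    'Opera 8 New!.exe'
    'WinAmp 5 Pro Keygen Crack Update.exe'
    'WinAmp 6 New!.exe'
    'Matrix 3 Revolution English Subtitles.exe'
    'Adobe Photoshop 9 full.exe'
    'Ahead Nero 7.exe'
    'ACDSee 9.exe'
)
$backdoorPort = 2745

function Find-BagleGFiles {
    # Copies in the Windows System folder.
    $sys = Join-Path $env:SystemRoot 'System32'
    foreach ($n in $systemDrops) {
        $p = Join-Path $sys $n
        if (Test-Path -LiteralPath $p) { Get-Item -LiteralPath $p | Select-Object FullName, Length, LastWriteTime }
    }
    # Lures in any folder whose name contains 'shar' (Microsoft Shared, P2P shared
    # folders, ...). Walking whole drives is slow; narrow the roots on large hosts.
    $drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -and (Test-Path -LiteralPath $_.Root) }
    foreach ($d in $drives) {
        Get-ChildItem -Path $d.Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match 'shar' } |
            ForEach-Object {
                foreach ($n in $shareDrops) {
                    # -LiteralPath: the lure names contain characters like '!' and ','.
                    $p = Join-Path $_.FullName $n
                    if (Test-Path -LiteralPath $p) { Get-Item -LiteralPath $p | Select-Object FullName, Length, LastWriteTime }
                }
            }
    }
}

function Find-BagleGListener {
    # Anything listening on the backdoor port, with the owning process image.
    Get-NetTCPConnection -LocalPort $backdoorPort -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{ Port = $_.LocalPort; PID = $_.OwningProcess; Process = $proc.ProcessName; Image = $proc.Path }
        }
}

Find-BagleGFiles    | Format-Table -AutoSize
Find-BagleGListener | Format-Table -AutoSize
```

A listener on 2745 owned by a process whose image is i1ru54n4.exe or go54o.exe confirms the infection; a listener owned by anything else is worth checking but is not on its own evidence of this worm.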

W32/Bagle-G terminates the following processes, which include update components of several antivirus and firewall products:

ATUPDATER.EXE
AVWUPD32.EXE
AVPUPD.EXE
LUALL.EXE
DRWEBUPW.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
UPDATE.EXE
NUPGRADE.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVXQUAR.EXE
CFIAUDIT.EXE
MCUPDATE.EXE
OUTPOST.EXE
AVLTMAIN.EXE

From 25 March 2005 onwards, W32/Bagle-G deletes itself and removes its registry entries.
