W32/Bagle.dll.gen

This page shows details and results of our analysis of the malware W32/Bagle.dll.gen.

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.


Minimum DAT: 4331 (2004-03-02)
Updated DAT: 4992 (2007-03-26)
Minimum Engine: 5.1.00
File Length: Varies
Description Added: 2004-04-15
Description Modified: 2004-07-30

Malware Proliferation

Characteristics

This is a generic detection of a DLL component built from W32/Bagle source. It bears many similarities to Proxy-Mitglieder. Removal for newer variants may require the Beta Dats.

This DLL component attempts to disable anti-virus software, connects to various remote sites (which vary per variant), and acts as a mail relay. Specific filenames and registry key entries vary as well.

Symptoms

Vary

Method of Infection

This DLL component may be dropped and injected into other processes by various dropper executables.

Removal

Detection is included in our BETA DAT files and will also be included in the next scheduled DAT release. In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.

Additional Windows ME/XP removal considerations

Variants