


How To Get Rid Of…
Article Last Reviewed February 2005


How To Get Rid Of Bagle

Description

Bagle is a fast-spreading email worm that lets an attacker upload and execute malicious code on the computers it infects. Bagle checks the current system date and terminates itself if that date is Jan. 28, 2004, or later. The worm arrives as an attachment to an email message; the attachment has a random filename with an EXE extension. Once installed, Bagle harvests email addresses from files with WAB, HTM, HTML, and TXT extensions stored on the affected computer and then sends itself to those addresses using its own SMTP (Simple Mail Transfer Protocol, or outgoing email) engine.

The mass-mailing W32/Bagle-A worm (just one of many variants of this virus) is also known as Bagle or Beagle and includes a backdoor component that listens on TCP (Transmission Control Protocol) port 6777 and lets an attacker execute arbitrary programs (such as password-capturing programs) on infected systems. The worm also forges the From field of the messages it sends so that each one appears to come from someone you know. It affects systems running Windows 9x/NT/Me/2000/XP.

How To Tell If Bagle Is Present On Your PC

The telltale sign of a Bagle infection is the presence of the Bbeagle.exe file in the C:\WINDOWS or C:\WINNT system folder. To check your system, use Windows' search feature to locate that file name.

Bagle also creates entries in the Windows Registry so that it runs every time Windows starts. Click Start and Run, in the Open box type regedit, and click OK to open the Registry Editor. If you find any of the following Registry entries, then Bagle has contaminated your system:

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\D3dupdate.exe = "%System%\bbeagle.exe"

HKEY_USERS\%SYSTEMINFO%\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\D3dupdate.exe = "%System%\bbeagle.exe"

Note: You can easily search your Registry for Bbeagle.exe by using the Registry's built-in search function found under the Edit menu or by pressing CTRL-F when the Registry editor is open.

WARNING: The following section includes step-by-step information on how to edit the Windows Registry, a large database containing system and program settings that are essential to how the OS (operating system) operates. Follow Registry-editing instructions to the letter and be sure to make a backup of your Registry before you begin (Registry errors can render your computer inoperable if you don't have a backup). This procedure differs depending on the OS you use. For more information on backing up and editing the Registry, see these articles: "Protect Yourself" and "Register Here."



How To Get Rid Of Bagle With Spybot-Search & Destroy

Launch Spybot Search & Destroy and make sure it is up-to-date by clicking the Update button and following the on-screen instructions. (This requires a live Internet connection.) If the program is up-to-date, click the Search & Destroy button to automatically search for the Bagle file Bbeagle.exe. When Spybot Search & Destroy finds the file on your computer, it creates a listing under the Problem heading and automatically checks the corresponding checkbox. Scroll through the results to make sure the program didn't identify any legitimate programs as problems; if you find any, simply uncheck the corresponding checkboxes. Click the Fix Selected Problems button to have the program remove the unwanted file(s).

How To Manually Get Rid Of Bagle

The first step to eliminating Bagle entirely is to terminate the program as it resides in your computer's memory. To do so, follow this procedure:

1. Go to the Windows Task Manager. To do this on a system running Windows NT/2000/XP, press CTRL-SHIFT-ESC and select the Processes tab. To do this on a system running Windows 9x/Me, press CTRL-ALT-DELETE.
2. Locate and select file Bbeagle.exe in the list of running programs.
3. Press End Task or End Process (either will appear depending on your Windows version).
4. Verify that Bbeagle.exe is no longer running by closing Task Manager, opening it again, and checking the list; then close Task Manager.

Note: On systems running Win9x/Me, Task Manager may not show certain processes. You can use a third-party process viewer such as Mark Russinovich's Process Explorer (http://www.sysinternals.com; free) to detect and terminate the Kernel32.exe process.

Now you'll need to edit the Windows Registry.

1. Click Start and Run, type regedit, and press ENTER to open the Registry Editor.
2. In the left panel, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE.
3. In the right panel, delete the D3dupdate.exe = %System%\bbeagle.exe value.
4. Close the Registry Editor.

Now that you have removed the worm, empty the Recycle Bin and restart your computer. Lastly, run up-to-date antivirus software to ensure that any remnants are removed.
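The detection checks and the manual cleanup steps above, as an added PowerShell example (not code from the article): it reports the process, autorun value and file indicators the article lists and, with -Remove, cleans them up in the article's order. It assumes a Windows version that has PowerShell (which did not exist when the article was written) and checks both Run and RunOnce, and both the Windows folder and System32, because the article names each of them.

```powershell
# Added example, not code from the article: report the Bagle indicators listed above
# and, with -Remove, clean them up in the article's order (process, autorun value, file).
# Assumes a Windows version with PowerShell; checks Run and RunOnce, and both the
# Windows folder and System32, because the article names each of them.
function Test-BagleIndicators {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Remove)   # without -Remove the function only reports
    $findings = @()

    # 1. Worm still resident in memory (process name without the .exe extension).
    $proc = Get-Process -Name 'bbeagle' -ErrorAction SilentlyContinue
    if ($proc) {
        $findings += [pscustomobject]@{ Type = 'Process'; Location = "PID $($proc.Id -join ', ')"; Key = $null }
    }

    # 2. Autorun value D3dupdate.exe pointing at bbeagle.exe in HKLM, HKCU and every loaded HKEY_USERS hive.
    $hives = @('HKLM:', 'HKCU:') + (Get-ChildItem 'Registry::HKEY_USERS' | ForEach-Object { $_.PSPath })
    foreach ($hive in $hives) {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
            $val = Get-ItemProperty -Path $key -Name 'D3dupdate.exe' -ErrorAction SilentlyContinue
            if ($val -and $val.'D3dupdate.exe' -match 'bbeagle\.exe') {
                $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$key\D3dupdate.exe"; Key = $key }
            }
        }
    }

    # 3. Dropped file in the Windows folder or its System32 subfolder.
    foreach ($dir in $env:SystemRoot, (Join-Path $env:SystemRoot 'System32')) {
        $file = Join-Path $dir 'bbeagle.exe'
        if (Test-Path -LiteralPath $file) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $file; Key = $null }
        }
    }

    if ($Remove) {
        foreach ($f in $findings) {   # already ordered process -> registry -> file
            if (-not $PSCmdlet.ShouldProcess($f.Location, "Remove $($f.Type)")) { continue }
            switch ($f.Type) {
                'Process'  { $proc | Stop-Process -Force }
                'Registry' { Remove-ItemProperty -Path $f.Key -Name 'D3dupdate.exe' }
                'File'     { Remove-Item -LiteralPath $f.Location -Force }
            }
        }
    }
    $findings
}

Test-BagleIndicators                    # report only
# Test-BagleIndicators -Remove -WhatIf  # preview the cleanup, then rerun without -WhatIf
```

Run it from an elevated session so the HKLM and HKEY_USERS hives are readable; an empty result means none of the indicators the article lists were found.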

by Douglas Schweitzer













Copyright © 2009 Sandhills Publishing Company U.S.A. All rights reserved.