http://net-studio.org >> Patch>

Get rid of Bagle and all its variants


	Patchs for virus
	Tutorials
	Tips
	Forum
	Windows Optimum
	USB FireWall
	Boost Google Search

	Alias
	Bagle's Alias from other Antivirus Editor W32/Bagle.gen [McAfee] PWS-Bluedit [McAfee] Generic.dx [McAfee] TROJ_BAGLE.OU [Trend Micro] TROJ_BAGLE.AO [Trend Micro] WORM_BAGLE.KO [Trend Micro] Trojan.DL.VB.ACWT.Gen [PCTools] Worm.Bagle.RR [PCTools] Email-Worm.Bagle!sd5 [PCTools] Email-Worm.Win32.Bagle.jo [Kaspersky Lab] Trojan.Lodeight.C [Symantec]
	Information
	Most of the time, the virus Bagle and its variants stopped Antivirus and blocks your connection if you try to open a web sites for downloading or scanning online, they even disable the Windows firewall and Internet Connection Sharing, stopping ALG, SharedAccess and wscsvc what makes your PC vulnerable. The virus uses the network to spread, it operates the registry at most to be launched at each system startup. Fortunately he has not operated with partitions files autorun.inf to worsen the situation. As you already know, this is not a single virus that deals here, but everything that is Bagle, there are a dozen, we will not give you the details of each feature of each alternative, but the main actions and parameters affected by the virus.
	File
	Most of the time, the virus Bagle put for files in the Windows system directory: <System>\mdelk.exe <System>\wintems.exe <System>\IExplorer.dll .dbt <System>\ansi.exe Puts one file in the Windowws directory, as name of "fghrtuyjfghr.exe" most of the time <Windows>\fghrtuyjfghr.exe The virus creates folder named m in the AppData Directory and puts file flec006.exe in this directory <AppData>\m\flec006.exe
	Registry
	Creates registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run mule_st_key <AppData>\m\flec006.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices IESet IExplorer.dll .dbt HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run IESet IExplorer.dll .dbt HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run IESet IExplorer.dll .dbt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dbt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DBTFILE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DBTFILE\shell HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DBTFILE\shell\open HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DBTFILE\shell\open\command HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\Svc HKEY_CURRENT_USER\Software\FirstRRRun HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\TestProg HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\TestProg\Settings Creates Value registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\edit\command (Default) = fghrtuyjfghr.exe %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command (Default) = fghrtuyjfghr.exe %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\edit\command (Default) = fghrtuyjfghr.exe %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command (Default) = fghrtuyjfghr.exe %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dbt (Default) = DBTFILE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DBTFILE\shell\open\command (Default) = fghrtuyjfghr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IESet = IExplorer.dll .dbt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system EnableLUA 0x00000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Security Center\Svc EnableLUA 0x00000016 HKEY_CURRENT_USER\Software\FirstRRRun First12Ru123n 0x00000001 Delete Notepad parameters HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\edit\command (Default) <System>\System32\NOTEPAD.EXE %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command (Default) <System>\NOTEPAD.EXE %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\edit\command (Default) <system32>\NOTEPAD.EXE %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command (Default) <system32>\NOTEPAD.EXE %1
	WARNING
	It is preferable to download this patch and to decompress it on your desktop, to start your machine in safe mode and of launching the patch, always in safe mode. How to start Windows in safe mode?

	Link

Latest fixs:

Brastk (Win32/Wantvi.I, Brastk.exe)
Braviax (Win32/Wantvi.I, Braviax.exe)
XP AntiSpyware 2009 (XP_AntiSpyware.exeL, Downloader.Win32.Agent.bs,New Malware.aj)
FlashGuard.exe (DriveGuard.exe,Win32.Worm.Autoit.AL, AUTORUN.TZ)
cradle of filth (cradle_of_filth.vbe, Notre Gates qui est à Seattle)

COPYRIGHT (C) 2008 NET STUDIO, ALL RIGHT RESERVED