[Dshield] New Version of I-Worm Bagle.HX & HY

Ms. Judith Taylor jtaylor at acvna.org
Wed Nov 2 15:46:21 GMT 2005


Hi,

One of my users managed to get two new variants of Bagle HX & HY. I have 
a copy of the zip files if someone would like to have them. I don't know 
enough to look "under the covers" so to speak, since I'm a neophyte to 
security.

After first repairing AVG 7.1 and then performing a manual update, then 
running the scan is when the worms were caught.

It looks like Bagle.HX creates a file in the user's local\settings\temp 
directory. Both variants (hx & hy) seem to also seed themselves in 
System Restore - C:\System Volume Information\_restore{registry key} 
randomly generated filename starting with A000xxxx.exe and A000xxxx.exe

That's all I know from running the AVG scans.

Any further information on the best means of getting rid of this thing 
permanently would be welcomed.

-- 
Ms. Judith Taylor    ::: To reply remove the NO.SPAM. :::

Director of Information Systems
Appalachian Community Visiting Nurse Assoc.,
Hospice and Health Services, Inc. 740.594.8226  http://www.acvna.org

