|
|
Detect and remove hidden rootkits using
UnHackMe
RegRun Security Suite = 24 system utilities for protecting your computer. Try now! |
 %system%\windll.exe - Dangerous
Bagle.al is a worm that spreads as an email attachment and via file sharing networks. Copies itself into the Windows system directory with the name windll.exe and registers the following system registry auto run key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "erthgdr"="%system%\windll.exe" Bagle.al creates two additional files in the Windows system folder: windll.exeopen; windll.exeopenopen The worm uses a built-in SMTP server to mail copies of itself to all email addresses founded on the infected computer. Bagle.al opens port 80 on the local HTTP server allowing the controller to download and execute files on the infected machine. The worm component of Bagle.al is scheduled to stop functioning and slef-destruct after August 10, 2004. However, the downloader module will remain available for possible use for an unspecified period of time. Remove it from startup by RegRun Startup Optimizer. Removal: %system%\windll.exe is removed by RegRun.
Read more... Removal instructions...
Recommended software: RegRun Security Suite - removal and protection. http://www.regrun.com RegRun Reanimator - free removal tool. greatis.com/reanimator
What is hidden in MSDN? Why software developers prefer Win32.FreeTechSecrets.com? All Unix Manuals in Alphabetical Order C# controls for .NET in 3 simple steps. Constantly updated. Last update: May 12 2008
Interesting information about Vista programs... Need consultation? Would you like to add your opinion?
|
|
