Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Bagle.AH
Technical name:W32/Bagle.AH.worm
Threat level:High

It opens a port and waits for remote connections, ends processes belonging to antivirus programs and firewalls, and connects to web pages that contain PHP scripts.

Affected platforms:

Windows XP/2000/NT

First detected on:July 19, 2004
Detection updated on:April 6, 2006
Proactive protection:
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover

Brief Description 


Bagle.AH is a worm that affects Windows XP/2000/NT computers only. Bagle.AH opens and listens to a TCP port, waiting for remote connections. By doing so, it allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work.

Bagle.AH ends processes belonging to antivirus programs and firewalls, among others. This leaves the affected computer vulnerable to the attack of other malware.

Additionally, this worm connects to several web pages that contain a PHP script.

It also eliminates the entries in the Windows Registry belonging to several variants of the worm Netsky.

Bagle.AH spreads via e-mail in a message with variable characteristics and through peer-to-peer file sharing programs (P2P).

Visible Symptoms 


Bagle.AH is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.