Welcome to the Virus Encyclopedia of Panda Security.
It opens the TCP port 2002 and waits for remote connections. It ends processes belonging to security tools and deletes entries belonging to other worms from the Windows Registry.
|First detected on:||Nov. 16, 2004|
|Detection updated on:||Nov. 16, 2004|
|Yes, using TruPrevent Technologies
Bagle.BG is a worm that opens the TCP port 2002 and listens to it, waiting for remote connections. By doing so, Bagle.BG allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work.
Bagle.BG ends processes belonging to applications that provide updates for different antivirus programs, among others.
In addition, Bagle.BG prevents certain worms, such as several variants of Netsky, from being executed whenever Windows is started. In order to do so, it deletes the entries belonging to these worms from the Windows Registry.
Bagle.BG spreads via e-mail in a message with variable characteristics and through peer-to-peer (P2P) file sharing programs.
Bagle.BG is easy to recognize once it has affected the computer, as it displays the following message on screen when it is run: