Navigation

Select category

Remove Email-Worm.Win32.Bagle.ay e-mail worm.
Article published on February, 2005.

Email-Worm.Win32.Bagle.ay is popular Beagle worm modification. It's also known as Win32/Bagle.AX, W32/Bagle.BL.worm, Trojan.Downloader.Small-165, [email protected], W32/[email protected], Worm/Bagle.AX.var, WORM_BAGLE.AZ, Win32/[email protected], W32/Bagle-BK, Win32.HLLM.Beagle.18336 or [email protected]

Bagle.ay creates the following mutex: "MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D". It also stops plenty of processes.

To remove it:

1. Disable System Restore if you are using Windows XP or Windows Me.

2. Go to Windows directory and look for files named "sysformat" with .exe extension or any other extensions. Terminate it/them if it's running as process and delete it. Also look for re_file.exe file and delete it. Block any strange outgoing connections in your firewall because this worm tries to download some junk to keep your PC infected.

3. Select Start -> Run. Type "regedit" and hit ENTER. Find SOFTWARE -> Microsoft -> Windows -> CurrentVersion ->Run. Look for sysformat.exe registration key and eliminate it. This registry entry is made to keep starting worm after every reboot.

4. Update your antivirus software and make full system scan even after all you have already done to eliminate this worm!

Friendly websites

Support us and join our new forum. Help us to create community!