W32/Bagle@MM is a mass-mailing worm. The worm arrives in an email message with the following characteristics:
From: (address may be forged)
Attachment: (random filename) 15,872 bytes
When the attachment is run, the virus checks the system date. If the date is January 28, 2004 or later, the virus simply exits and does not propagate. Otherwise, the virus executes CALC.EXE and also copies itself as bbeagle.exe, and sets itself to load when you startup your machine. The worm uses your email address lists to send itself to others.
The virus spoofs the sender address (if you receive one, it's likely not sent by the address in the FROM: line).
You can tell if you're infected by going to Start--Search (or Find) and searching for a file called bbeagle.exe. If this file is on your computer, you're infected.
If you have not opened an attachment, you are not infected. If you get a mail message where the subject begins with "Virus Detected and Cleaned" the virus has already been removed from that message.
To remove the virus:
Some important notes about viruses
For more information about the W32/Bagle@MM virus, check http://vil.nai.com/vil/content/v_100965.htmPosted by dcoates at January 20, 2004 10:49 AM