The Bagle Bot is a worm that first appeared in 2004 and has had hundreds of iterations. Many of these iterations have engaged in different kinds of malicious activity. It is also known by the names Beagle, Mitglieder and Lodeight. Bagle Bot reaches user systems via malicious websites on the internet. Once downloaded and installed, Bagle Bot proceeds to create its files and modify registry entries. The primary objective of Bagle is to relay spam emails and send them to unsuspecting users. The spam emails themselves depend on the server they are being relayed from. As soon as Bagle Bot is connected to the internet, it downloads an encrypted configuration file which tells it which servers to communicate with. Bagle also connects to a list of predefined servers and reports its status and the port on which it is listening.
Once these actions are completed, Bagle proceeds to listen for connections from remote spam servers and to relay the spam emails received from them. This takes up bandwidth and turns the user’s computer into a zombie that could be traced as if it were a hacker’s computer, putting the user in trouble. As Bagle Bot performs a large amount of unauthorized activity, it is prudent to remove it as soon as you find it on your system.
In order to remove Bagle Bot, it is necessary to stop its process, delete its files and folders, and remove its registry entries. Additionally, genuine antivirus software such as Spyware Doctor with Antivirus can prove to be extremely useful in dealing with this type of malware. However, for manual removal, follow the instructions below to completely remove Bagle Bot.
Manual Bagle Bot Removal Guide
The first step in Bagle Bot removal is to stop the following process:
- wintems.exe
Next, delete the following files and folders:
- C:\WINDOWS\system32\mdelk.exe
- C:\WINDOWS\system32\wintems.exe
Finally, it is necessary to remove the following keys and settings from the Windows Registry:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value german.exe = "C:\WINDOWS\system32\wintems.exe"
- HKEY_CURRENT_USER\Software\DateTime4
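The three steps above can be checked and carried out in one pass with the PowerShell script below. It is an added example, not part of the original guide: the `-Remove` switch and variable names are this example's own, and it assumes PowerShell 4.0 or later. Without `-Remove` it only reports what it finds.

```powershell
# Added example: audit (default) or remove (-Remove) the Bagle Bot artifacts
# listed in this guide. Process name, paths and registry names come from the guide.
[CmdletBinding()]
param([switch]$Remove)   # hypothetical switch name chosen for this example

$procName = 'wintems'
$files    = 'C:\WINDOWS\system32\mdelk.exe', 'C:\WINDOWS\system32\wintems.exe'
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'german.exe'
$runData  = 'C:\WINDOWS\system32\wintems.exe'
$extraKey = 'HKCU:\Software\DateTime4'
$findings = @()

# Step 1: stop the process first so its executable is no longer locked.
foreach ($p in Get-Process -Name $procName -ErrorAction SilentlyContinue) {
    $findings += "process $($p.Name).exe (PID $($p.Id))"
    if ($Remove) {
        Stop-Process -Id $p.Id -Force
        Wait-Process -Id $p.Id -Timeout 10 -ErrorAction SilentlyContinue
    }
}

# Step 2: record a SHA-256 of each file before deleting it, for later reference.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        $findings += "file $f (SHA256 $hash)"
        if ($Remove) { Remove-Item -LiteralPath $f -Force }
    }
}

# Step 3: remove the Run value only if it points at the file named in the guide,
# so an unrelated value that happens to share the name is left for manual review.
$run = Get-ItemProperty -LiteralPath $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) {
    $data = ([string]$run.$runValue).Trim('"')
    $findings += "Run value $runValue = $data"
    if ($data -ne $runData) {
        Write-Warning "Run value '$runValue' has unexpected data; not removed."
    } elseif ($Remove) {
        Remove-ItemProperty -LiteralPath $runKey -Name $runValue
    }
}
if (Test-Path -LiteralPath $extraKey) {
    $findings += "registry key $extraKey"
    if ($Remove) { Remove-Item -LiteralPath $extraKey -Recurse }
}

if ($findings) { $findings } else { 'No Bagle Bot artifacts from this guide were found.' }
```

Both registry entries live under HKEY_CURRENT_USER, so the script has to run in the affected user's session; deleting the files from system32 also requires administrative rights.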
Once the above steps have been completed, your computer is safe from Bagle Bot. However, inexperienced users should not attempt to remove Bagle Bot manually, as any mistake made during removal could cause damage to the operating system. Therefore, inexperienced users are advised to use a web-based repair service such as http://www.pcninja.com or legitimate antivirus software to safely remove Bagle Bot.