This type of worm is embedded in an email attachment, and spreads using the infected computer's emailing networks.
For removal instructions specific to Bagle infections, see Email-Worm:W32/Bagle.
For more general information on disinfection, please see Removal Instructions.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Email-Worm:W32/Bagle.D is very similar to Email-Worm:W32/Bagle.C, which was only released roughly 12 hours before this newer variant emerged.
There are very few differences in the C and D variants; they have the same sizes and same functionality, and the emails sent by them are identical. The major difference involves changes to the D variant to allow it to avoid detection by some antivirus programs.
Another, more minor change, involves a mutex installed by the worm to prevent it from installing on an already infected machine; Bagle.C uses the mutex name ""imain_mutex", whereas Bagle.D uses "iain_m2".
Bagle.D was found in the wild on February 28th, 2004