Sophos

W32/Bagle-Gen

Summary

 
Affected operating systems: Windows
Protection available since: 14 July 2004 09:22:04 (GMT)
Detected by: All Sophos products

Action

The name W32/Bagle-Gen is used where a file belongs to a particular family of worms, but the variant is not separately identified. Sophos's proactive protection technology will identify such files as a -Gen variant.

  1. Ensure that you are using the most recent IDE files, as more precise detection could now be available. If necessary

  2. Please send us a sample to assist in improving our technology.
  3. Use the instructions for removing generically detected files to delete the file from your computer.
  4. If you require further assistance with disinfection, contact support.

More Information

W32/Bagle-Gen detects members of the W32/Bagle family of email worms.

W32/Bagle worms copy themselves to the Windows system folder and create a registry entry to run on system startup.

W32/Bagle worms typically harvest email addresses from various files on the system with extensions such as:

WAB, TXT, MSG, HTM, SHTM, STM, XML, DBX, MBX, MDX, EML, NCH, MMF, ODS, CFG, ASP, PHP, PL, WSH, ADB, TBB, SHT, XLS, OFT, UIN, CGI, MHT, DHTM, JSP.

W32/Bagle worms use their own internal SMTP engine to spread and can fake the address of the sender.

W32/Bagle worms may attempt to disable various security-related products by removing their registry run key entries.
