Original poster
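[Share] Today's new virus
Worm virus,
Virus W32/Bagle.bd@MM
Impact: email and system; it slows the system down and keeps sending itself to other users. Severity: high.
Removal tool download:
http://download.nai.com/products/mcafee-avert/stinger.exe
McAfee's description attached (from swzone)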

News published by Eymerich on 29/10/2004, 2747 reads

Category: Security

We report the very rapid spread of several variants of the Bagle virus and their identification within a few hours.


Bagle.bb [WINGO.EXE]


Bagle.bc [bawindo.exe]


Bagle.bd [WINGO.EXE]

Its essential characteristics do not differ from those of its ancestor: it arrives as an email attachment and, if executed, disables the most widely used antivirus and firewall products.

When executed (as an EXE), the worm installs itself on the victim machine within the Windows system folder as WINGO.EXE. For example:

C:\WINNT\SYSTEM32\WINGO.EXE

If the worm is received as a CPL file, when this is executed it serves to drop and execute the worm. The CPL dropper copies itself as CJECTOR.EXE within the Windows directory, for example:

C:\WINNT\CJECTOR.EXE

The following Registry key is added to hook system startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "wingo" = C:\WINNT\SYSTEM32\WINGO.EXE

The following Registry key is also added to store data (within a "TimeKey" key):

HKEY_CURRENT_USER\Software\Params

Additionally, the virus may make multiple copies of itself in the Windows system directory, appending the string "open" to the filename. For example:

C:\WINNT\SYSTEM32\WINGO.EXEOPEN
C:\WINNT\SYSTEM32\WINGO.EXEOPENOPEN
etc.

A mutex is created to ensure only one instance of the worm is running at a time. One of the following mutex names is used in an attempt to stop particular variants of W32/Netsky running on the infected machine:

{z4wMuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D
'D'r'o'p'p'e'd'S'k'y'N'e't'
_-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_
[SkyNet.cz]SystemsMutex
AdmSkynetJklS003
____--->>>>U<<<<--____
_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_

Port 81 (TCP) is also opened on the victim machine.
However proper the exterior, that is how unrestrained the heart within.
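
The indicators in the description quoted above (the WINGO.EXE and CJECTOR.EXE file names, the "wingo" Run value, the HKEY_CURRENT_USER\Software\Params key and a TCP listener on port 81) can be checked against artifacts collected from a host. This is an added example, not part of the original thread or of McAfee's text; the function name `triage`, the input layout and the sample data are assumptions constructed for illustration, and file names are matched in any directory.

```python
import ntpath
import re

# Indicators from the McAfee description quoted in the post above.
WORM_FILE = re.compile(r"^(wingo\.exe(open)*|cjector\.exe)$", re.I)
PARAMS_KEY = r"hkey_current_user\software\params"
PORT_81 = re.compile(r"^\s*TCP\s+\S+:81\s+\S+\s+LISTENING", re.I | re.M)

def triage(files, run_values, reg_keys, netstat_text):
    """Return (indicator, evidence) pairs found in artifacts collected from one host."""
    hits = []
    for path in files:
        # Covers WINGO.EXE, its WINGO.EXEOPEN... copies and the CJECTOR.EXE dropper.
        if WORM_FILE.match(ntpath.basename(path)):
            hits.append(("file", path))
    for name, data in run_values.items():
        # Run value named "wingo", or any Run value launching a matching file name.
        if name.lower() == "wingo" or WORM_FILE.match(ntpath.basename(data.strip('"'))):
            hits.append(("run-key", f"{name} = {data}"))
    for key in reg_keys:
        k = key.lower()
        # Exact key or a subkey of it; "ParamsTool" must not match.
        if k == PARAMS_KEY or k.startswith(PARAMS_KEY + "\\"):
            hits.append(("data-key", key))
    # Only a local listener on exactly port 81 counts; 8181 or a remote :81 does not.
    if PORT_81.search(netstat_text):
        hits.append(("listener", "TCP port 81"))
    return hits

# Constructed sample artifacts (not taken from a real host).
INFECTED = dict(
    files=[r"C:\WINNT\SYSTEM32\WINGO.EXE", r"C:\WINNT\SYSTEM32\WINGO.EXEOPENOPEN",
           r"C:\WINNT\CJECTOR.EXE", r"C:\WINNT\NOTEPAD.EXE"],
    run_values={"wingo": r"C:\WINNT\SYSTEM32\WINGO.EXE"},
    reg_keys=[r"HKEY_CURRENT_USER\Software\Params"],
    netstat_text="  TCP    0.0.0.0:81     0.0.0.0:0    LISTENING\n",
)
CLEAN = dict(
    files=[r"C:\WINDOWS\SYSTEM32\WINGOLF.EXE"],
    run_values={"ctfmon": r"C:\WINDOWS\SYSTEM32\ctfmon.exe"},
    reg_keys=[r"HKEY_CURRENT_USER\Software\ParamsTool"],
    netstat_text="  TCP    0.0.0.0:8181   0.0.0.0:0    LISTENING\n",
)

if __name__ == "__main__":
    for label, host in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, triage(**host))
```
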
2
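Don't casually open email attachments (especially files of type exe, com, pif, bat or scr).
I recommend first saving the attachment to disk and then opening the program for that file type (for a DOC attachment, for example, open Word first and then use "File" -> "Open" to open the file).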
3
I recommend Symantec's enterprise edition 8.1; I think it's the best antivirus software.
I don't sign; that is the most loyal reply.
4
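I have been using McAfee VirusScan 7.0 Enterprise for more than a year: it is powerful, light on resources and free of update headaches (most domestic products are hard to update <mainly because most people use pirated copies>, and Norton's product updates are also large, slow and too resource-hungry).
I recommend the latest McAfee VirusScan 8.0i Enterprise; you can find a download link by searching Google.
PS: You bear the consequences of using pirated software yourself! (I use the OEM version ^_^)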
5
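McAfee really is good! But the copies downloaded from the net all just work right away; during installation you simply pick whatever licence period you like, and there's no mention of any crack or registration code!

God helps those who help themselves.

Also

Human effort is the decisive factor.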
    6
Luckily I didn't get infected. Could the copies of this software found by searching the web be pirated?
    7
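Thanks imnewer.. your timely rain drowned a trojan horse on my computer just in time!...^-^/~`
Wherever suffering blossoms in splendor.. there must be a kind of heaven there...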
