Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


 

I11R54N4.EXE PROCESS INFORMATION

Process Name  : i11r54n4.exe

Process Path : %SYSTEM%\i11r54n4.exe [ C:\Windows\System32\i11r54n4.exe]

Process type    : Internet Worm

Malware Name : W32.Bagle.H@mm

Alias             : I-Worm/Bagle.H, W32/Bagle.H@MM , Bagle.H, W32/Bagle-H,  WORM_BAGLE.H 

Threat level : Low

Process Details :

                     I11r54n4.exe is the main component dropped by Bagle.H. It is a mass mailing worm, uses  e-mail addresses collected from .wab .txt .htm .html .dbx .mdx .eml .nch .mmf .ods .cfg .asp .php .pl .adb  and .sht files to distribute infected messages. Bagle worm arrives as an e-mail attachment. The infected attachment name is randomly chosen by the worm. This worm arrives as a password protected ZIP file.

The infected mail subject will be one of the following

Hokki =)
Weah, hello! :-)
Weeeeee! :)))
Hi! :-)
:-)
:)
ello! =))
Hey, ya! =))
^_^ meay-meay!
^_^ mew-mew (-:
Hey, dude, it's me ^_^ :P 

                     When the worm file is executed it copies itself to Windows system folder as "i11r54n4.exe" in the background. It also drops go154o.exe, i1i5n1j4.exe, and i1i5n1j4.exeopen.

                     W32.Beagle.H@mm modifies registry run section to load automatically on the next startup. The registry modification is given below.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"rate.exe"= %SYSTEM%\i11r54n4.exe

[ By default, %SYSTEM% will be C:\Windows\System in case of Windows 95/98/ME, C:\Winnt\System32 in case of Windows NT/2000 and C:\Windows\System32 in case of Windows XP ]

                    Bagle.H worm uses its own SMTP engine to send infected messages. The worm tries to terminate security programs in the infected system. Bagle.H worm will not send infected mails to the following e-mail addresses

.ch
@hotmail.com
@msn.com
@microsoft
@avp.
noreply
local
root@
postmaster@

                    Bagle.H contains backdoor abilities and it opens TCP port 2745. It allows hackers to upload files in the infected computer. This variant will not spread after 25th March 2004.

How can I protect my system?

                   Solo has incorporated i11r54n4.exe in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this Worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this Worm?

                   If you are already infected with i11r54n4.exe, you can remove it from your computer using Solo Antivirus software. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link