Win32:Beagle

Win32:Beagle is a mass-mailing worm which will be active only till 28th January 2004. It installs a backdoor into the operating system.

Win32:Beagle-A spreads via email. It sends itself to email addresses found on the hard disk of the infected computer. The worm forges the sender's address.

The infected email has the following characteristics:
Subject line: Hi

Message text:
Test =)
[random letters]
--
Test, yep.

Attached file: [random name].exe
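
A mail-gateway style check for the characteristics listed above, as an added example that is not part of the original description or any Avast tool. The function names, the sample addresses and the attachment names are hypothetical, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage, Message

# Body layout from the description: "Test =)", a line of random letters,
# a "--" line, then "Test, yep."
BODY_RE = re.compile(rb"Test =\)\s*\n\s*[A-Za-z]+\s*\n\s*--\s*\n\s*Test, yep\.")

def beagle_traits(msg: Message) -> set:
    """Return which of the three described mail traits the message shows."""
    traits = set()
    if (msg.get("Subject") or "").strip() == "Hi":
        traits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        if (part.get_filename() or "").lower().endswith(".exe"):
            traits.add("exe-attachment")
        elif part.get_content_type() == "text/plain":
            # decode=True undoes base64 / quoted-printable transfer encoding
            body = (part.get_payload(decode=True) or b"").replace(b"\r\n", b"\n")
            if BODY_RE.search(body):
                traits.add("body")
    return traits

def is_suspect(msg: Message) -> bool:
    # A subject of "Hi" alone is far too common, so require all three traits.
    return beagle_traits(msg) == {"subject", "body", "exe-attachment"}

def build_sample(subject, body, attachment=None) -> EmailMessage:
    """Constructed test message; addresses and attachment bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

if __name__ == "__main__":
    worm_like = build_sample("Hi", "Test =)\nqzkvbt\n--\nTest, yep.\n", "xkqpw.exe")
    benign = build_sample("Hi", "Lunch on Friday?\n", "menu.pdf")
    for name, m in (("worm_like", worm_like), ("benign", benign)):
        print(name, sorted(beagle_traits(m)), is_suspect(m))
```

Because the worm forges the sender's address, the check deliberately ignores the From header.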

The infected file carries the Windows Calculator icon. The worm also launches Windows Calculator in order to camouflage its presence in the system.

The worm stores itself in the Windows system folder under the name bbeagle.exe and adds the following registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe
HKCU\Software\Windows98\uid
HKCU\Software\Windows98\frun

The worm also installs a backdoor program into the system which listens on TCP port 6777. This allows the virus author to upload and execute programs on infected computers.

As mentioned above, the worm will not activate if the system clock is set to 28th January 2004 or later. This behaviour is very similar to that of the infamous Win32:Sobig variants.

Removal:
To remove this virus, please use the free avast! Virus Cleaner.

Refer: Avast



Copyright © 2004-2004 All rights reserved.