This type of worm is embedded in an email attachment, and spreads using the infected computer's emailing networks.
For removal instructions specific to Bagle infections, see Email-Worm:W32/Bagle.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
Email-Worm:W32/Bagle.D is very similar to Email-Worm:W32/Bagle.C, which was only released roughly 12 hours before this newer variant emerged.
There are very few differences in the C and D variants; they have the same sizes and same functionality, and the emails sent by them are identical. The major difference involves changes to the D variant to allow it to avoid detection by some antivirus programs.
Another, more minor change, involves a mutex installed by the worm to prevent it from installing on an already infected machine; Bagle.C uses the mutex name ""imain_mutex", whereas Bagle.D uses "iain_m2".
Bagle.D was found in the wild on February 28th, 2004