Lagel.A sends itself out in an e-mail with the attached file "iLLeGal.exe". If this file is run, the worm carries out the following actions on the affected computer:
1) It displays several messages on the screen.
2) It inserts entries in the Windows Registry in order to ensure it is run every time Windows is started up.
3) It creates the following files:
- %sysdir%\Mplayer.exe. This is run on every Windows start-up.
- %sysdir%\iLLeGal.exe, which contains the worm's code.
- %sysdir%\Mmails.dll, which contains the e-mail addresses the worm obtains from the system.
- %sysdir%\SMTP.ocx. This file is used by Lagel.A to send out the messages that carry it.
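A triage check for the artifacts listed above, as an added example that is not part of the original advisory or any Panda Software tool. It assumes %sysdir% is the Windows system directory (System32 here), and because the advisory does not name the registry keys, the autorun entries are supplied by the caller.

```python
import ntpath
import os
import re

# File names the advisory lists under %sysdir%.
LAGEL_A_FILES = ("Mplayer.exe", "iLLeGal.exe", "Mmails.dll", "SMTP.ocx")
_NAMES = {name.lower(): name for name in LAGEL_A_FILES}

def find_dropped_files(sysdir):
    """Return the advisory's file names found in sysdir, matched case-insensitively."""
    hits = []
    for entry in os.listdir(sysdir):
        if entry.lower() in _NAMES and os.path.isfile(os.path.join(sysdir, entry)):
            hits.append(_NAMES[entry.lower()])
    return sorted(hits)

def exe_path(command):
    """Extract the program path from an autorun command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.(?:exe|dll|ocx))(?:\s|$)", command, re.IGNORECASE)
    return match.group(1) if match else command.split(" ", 1)[0]

def suspicious_autoruns(autoruns, sysdir):
    """Return (value_name, command) pairs that start a listed file from sysdir.

    autoruns is supplied by the caller (assumption: exported from the host's
    start-up registry entries; the advisory does not name the keys).
    """
    sysdir_norm = ntpath.normcase(ntpath.normpath(sysdir))
    hits = []
    for value_name, command in autoruns:
        path = ntpath.normcase(ntpath.normpath(exe_path(command)))
        folder, base = ntpath.split(path)
        # A bare file name is resolved through the search path, which includes sysdir.
        if base in _NAMES and folder in ("", sysdir_norm):
            hits.append((value_name, command))
    return hits

if __name__ == "__main__":
    # Assumed location of %sysdir%; older Windows versions use ...\System instead.
    sysdir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    if os.path.isdir(sysdir):
        print("dropped files:", find_dropped_files(sysdir))
    # Constructed sample entry; replace with values exported from the host.
    sample = [("Example", r"C:\Windows\System32\Mplayer.exe")]
    print("autoruns:", suspicious_autoruns(sample, r"C:\Windows\System32"))
```

A file name match alone is a lead, not a verdict: confirm any hit with an updated antivirus scan, as the advisory recommends.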
To prevent possible incidents caused by Lagel.A, Panda Software advises users to update their antivirus solutions. Users of the company's products can download updates of their antiviruses for detecting and eliminating this malicious code from