Lagel.A sends itself out in an e-mail with the attached file "iLLeGal.exe". If this file is run, the worm carries out the following actions on the affected computer:
1) It displays several messages on the screen.
2) It inserts entries in the Windows Registry in order to ensure it is run every time Windows is started up.
3) It creates the following files:
- %sysdir%\Mplayer.exe. This is run on every Windows start-up.
- %sysdir%\iLLeGal.exe, which contains the worm's code.
- %sysdir%\Mmails.dll, which contains the e-mail addresses the worm obtains from the system.
- %sysdir%\SMTP.ocx. This file is used by Lagel.A to send out the messages that carry it.
To prevent possible incidents caused by Lagel.A, Panda Software advises users to update their antivirus solutions. Users of the company's products can download updates of their antiviruses for detecting and eliminating this malicious code from