As you can see in my fancy new RSS feed, there’s a new version of Bagle going around. The SNP article has links to all the major AV companies’ reports on it, so I’m not going to bother linking to them from here. As with the original, I’ve got a removal script. unbagleb.inf will remove the registry stuff and the program file itself. As with all my other scripts, they can’t delete files if they’re in use. Either open up Task Manager with Ctrl+Alt+Delete and kill AU.EXE before running the script or run the script to get rid of the autorun stuff in the registry then reboot and run the script again to delete the files. Bagle.B is really only a minor tweak on Bagle as far as how it actually infects your system, so this removal script is basically just a few changed names as well.