1. /
  2. Security Response/
  3. Trojan.Tooso.H


Risk Level 2: Low

April 16, 2005
February 13, 2007 12:37:13 PM
Also Known As:
Win32.Glieder.{W, Y} [Computer Associates], Email-Worm.Win32.Bagle.{bj, bk} [Kaspersky Lab], W32/Bagle.dll.gen [McAfee], W32/Bagle.gen@MM [McAfee], W32/Bagle.bs.{dr, gen} [McAfee], Troj/BagDl-Gen [Sophos], Troj/BagleDl-N [Sophos], TROJ_BAGLE.BH [Trend Micro]
Trojan Horse
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Trojan.Tooso.H is a Trojan horse that interferes with the operation of security software by terminating processes, stopping services, removing registry entries, and deleting files.

Trojan.Tooso.H attempts to download a copy of Trojan.Tooso.F.

This Trojan may arrive in an email with a .zip file attachment. The file inside the attachment may be 1.exe.

Reinstalling Services
You may also wish to re-enable services that were disabled by the threat. In the services window (in "Control Panel" for Windows 9x and in "Control Panel\Administrative Tools" for Windows 2000 and Windows XP), find the services that have been disabled, double click on them, and reset the "startup type" value from the drop down menu.

Antivirus Protection Dates

  • Initial Rapid Release version April 16, 2005
  • Latest Rapid Release version March 1, 2011 revision 037
  • Initial Daily Certified version April 16, 2005
  • Latest Daily Certified version March 2, 2011 revision 002
  • Initial Weekly Certified release date April 16, 2005
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate


  • Damage Level: Medium


  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: John Park

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report