Sophos

W32/Lovgate-W


Summary

 
How it spreads:
  • Email messages
  • Network shares
  • Peer-to-peer
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Included in our products from: September 2004 (3.85)
Protection available since: 19 August 2004 11:57:56 (GMT)
Detected by: All Sophos products

Action

Please follow the instructions for removing worms.

You will also need to edit the following registry entries, if present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
VFW Encoder/Decoder Settings = RUNDLL32.EXE MSSIGN30.DLL ondll_reg

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Program In Windows = C:\WINDOWS\System32\IEXPLORE.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Protected Storage = RUNDLL32.EXE MSSIGN30.DLL ondll_reg

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
SystemTra = C:\WINDOWS\SysTra.EXE.

and delete them if they exist.

Close the registry editor.
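
The same check can be run against the exported registry file rather than by eye. This is an added example, not Sophos code: the function name and the sample export are constructed for illustration, and it assumes the export has already been decoded to text (REGEDIT4 exports are ANSI, "Windows Registry Editor Version 5.00" exports are UTF-16).

```python
import re

RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
RUNSERVICES = RUN + "Services"
# (key, value name) -> file name expected in the data; all taken from this page.
AUTORUNS = {
    (RUN, "VFW Encoder/Decoder Settings"): "MSSIGN30.DLL",
    (RUN, "Program In Windows"): r"System32\IEXPLORE.EXE",
    (RUN, "Protected Storage"): "MSSIGN30.DLL",
    (RUNSERVICES, "SystemTra"): "SysTra.EXE",
}
WANTED = {(k.lower(), n.lower()): m.lower() for (k, n), m in AUTORUNS.items()}
SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def find_lovgate_autoruns(reg_text):
    """Return (key, name, data) for each listed autorun found in a .reg export."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = STRING_VALUE.match(line)
        if not (m and key):
            continue
        # .reg files escape backslash and double quote with a backslash.
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        marker = WANTED.get((key.lower(), name.lower()))  # registry names ignore case
        if marker and marker in data.lower():
            hits.append((key, name, data))
    return hits

# Constructed sample: two entries from the page, one unrelated, one name-only match.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Protected Storage"="RUNDLL32.EXE MSSIGN30.DLL ondll_reg"
"Program In Windows"="C:\\Program Files\\Example\\app.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SystemTra"="C:\\WINDOWS\\SysTra.EXE"
'''

if __name__ == "__main__":
    for key, name, data in find_lovgate_autoruns(SAMPLE):
        print(f"{key}\\{name} = {data}")
```

A value is reported only when both its name and the file name in its data match, so an unrelated program that happens to reuse one of the value names is not flagged.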

More Information

W32/Lovgate-W is a worm with backdoor functionality that spreads via email, network shares with weak passwords and filesharing networks.

When executed, W32/Lovgate-W creates a background process named "LSASS.EXE", copies itself to the Windows system folder, sets registry entries, extracts a backdoor component as a DLL file, harvests email addresses from *.ht files and sends itself out.


To run automatically when Windows starts up, W32/Lovgate-W creates the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
VFW Encoder/Decoder Settings = RUNDLL32.EXE MSSIGN30.DLL ondll_reg

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Program In Windows = C:\WINDOWS\System32\IEXPLORE.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Protected Storage = RUNDLL32.EXE MSSIGN30.DLL ondll_reg

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
SystemTra = C:\WINDOWS\SysTra.EXE.

where each EXE is a copy of the worm and the DLL is the backdoor component.

W32/Lovgate-W copies itself to the shared folders and subfolders of available filesharing networks, using a filename chosen from:

Are you looking for Love.doc.exe
The world of lovers.txt.exe
How To Hack Websites.exe
Panda Titanium Crack.zip.exe
Mafia Trainer!!!.exe
100 free essays school.pif
AN-YOU-SUCK-IT.txt.pif
Sex_For_You_Life.JPG.pif
CloneCD + crack.exe
Age of empires 2 crack.exe
MoviezChannelsInstaler.exe
Star Wars II Movie Full Downloader.exe
