|
|
|  |
|
|
|
|
F-Secure Malware Information Pages: Lager.DP
|
|
|
| Radar |
 |
|
|
|
Summary
|
| Lager.DP is a mass mailing worm that drops a copy of Small.DAM. |
|
|
|
Disinfection
|
Automatic Disinfection
Usually standalone malware (backdoors, worms, trojans, etc.) is automatically removed by F-Secure Anti-Virus (FSAV) starting from version 5.40. Malware files get automatically renamed by FSAV, so they can not be started any more. In some rare cases, when automatic disinfection is not possible, a user can select disinfection action by him/herself to make FSAV rename or delete an infected file. In some special cases, it is recommended to use specific disinfection tools provided by F-Secure. They can be downloaded from our ftp site:
ftp://ftp.f-secure.com/anti-virus/tools/
F-Secure Anti-Virus can be purchased from our webshop or from our authorized distributors. A trial version F-Secure Anti-Virus, limited up to 30 days, can be downloaded from our website:
http://www.f-secure.com/download-purchase/
All the latest versions of FSAV can download anti-virus database updates automatically. However, these updates can be also downloaded and installed manually from our web or ftp sites:
http://www.f-secure.com/download-purchase/updates.shtml
Manual Disinfection
To manually disinfect standalone malware (backdoors, worms, trojans, etc.),it is usually enough to delete all infected files from a computer and to restart it. Active malware files are usually locked by operating system so different disinfection approaches are required for different operating systems.
Please note that manual disinfection is a risky process, so it is recommended only for advanced users.
If Windows 95, 98 and ME operating system are used, it is recommended to restart a computer from a bootable system diskette and to delete an infected file from the command prompt. For example, if a malicious file named ABC.EXE is located in the Windows folder, it is usually enough to type the following command at command prompt:
DEL C:\WINDOWS\ABC.EXE
and to press Enter. After that an infected file will be gone. If Windows NT, 2000 or XP is used, a malicious file has to be renamed with a different extension (for example .VIR) and then a system has to be restarted. After restarting, a renamed malicious file will no longer be active and it can easily to delete manually.
Malware Disinfection Tools
F-Secure provides disinfection tools for certain malware. These tools can be downloaded from this webpage:
http://www.f-secure.com/download-purchase/tools.shtml
ftp://ftp.f-secure.com/anti-virus/tools/
Windows System Restore Issues
If Windows ME or XP is used, it is recommended to disable System Restore features of these operating systems to prevent a computer from re-infection by an already removed malware. The fact is that System Restore feature of these operating systems might save an infected file into the special folder and copy it back to a hard drive every time it has been renamed or deleted by F-Secure Anti-Virus or by a user. Instructions on how to disable System Restore features are available here:
Windows ME:
http://www.f-secure.com/v-descs/sfc_dis.shtml
Windows XP:
http://www.f-secure.com/v-descs/sfc_dis1.shtml
It is recommended to re-enable System Restore after disinfection in order to restore stable system configuration, if any crash or incompatibility issue occurs in the future.
Failed Disinfection
In some cases that F-Secure Anti-Virus might not disinfect a system automatically, please visit our Support pages:
http://support.f-secure.com/enu/home/virusproblem/howtoclean/ |
|
|
|
Detailed Description
|
Lager.DP arrives on the system as an attachment to spam e-mails.
When executed, Lager.DP drops a copy of itself named "alsys.exe" in the Windows system directory.
It also drops several files in various locations on the system using a random eight character filename.
In addition to this, it drops and executes a randomly named copy of Small.DAM in the current directory.
It also adds the following registry entries to enable its automatic execution upon system Startup:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Agent = "%sysdir%\alsys.exe"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Agent = "%sysdir%\alsys.exe"
Propagation
Lager.DP propagates by mailing itself to several e-mail addresses gathered from the affected system.
It may use any of the following string as its Subject:
- 5 Reasons I Love You
- A Bouquet of Love
- A Day in Bed Coupon
- A Hug & Roses
- A Kiss So Gentle
- A Kiss for You
- A Little (sex) Card
- A Monkey Rose for You
- A Red Hot Kiss
- A Relaxing Coupon
- A Romantic Place
- A Song to You
- A Special Flower for You
- A Special Kiss
- A Sweet Love
- A Token of My Love
- A Weekend Getaway
- Against All Odds
- All For You
- All That Matters
- Angel of Love
- Awaiting Your Love
- Baby, I'll Be There
- Back Together
- Between Us
- Bewitching Moonlight
- Brand New Love
- Breakfast in Bed Coupon
- Bubble Bath Coupon
- Can't Wait to See You!
- Crazy way to say I Luv U
- Cuddle Me Please
- Cuddle Up
- Cyber Love
- Dancing With You
- Dinner Coupon
- Doing It for You
- Dream Date Coupon
- Dream Girl
- Emptiness Inside Me
- Eternity of Your Love
- Evening Romance
- Every Inch of Your Body
- Everyone Needs Someone
- Falling In Love with You
- Feeling Horny?
- Fields Of Love
- For Better of For Worse
- For You
- For You....My Love
- Forever and Ever
- Forever in Love
- From this day forward
- Full Heart
- Hand in Hand
- He Blessed Our Lives
- Heart is Breaking
- Heart of Mine
- Hey Cutie
- Hold Me (distant love)
- Hold On
- How Much I Love You
- Hugging My Pillow
- I Always Knew
- I Am Lost In You
- I Believe
- I Can't Function
- I Dream of you
- I Give to You
- I Love Thee
- I Love You Mower
- I Love You So
- I Love You Soo Much
- I Love You with All I Am
- I Still Love You
- I Think of You
- I Win with You
- I Woof You
- I Would Do Anything
- I Would Give you Anything
- I am Complete
- I wish
- I'll Be Your Man
- If I Could
- If I Knew
- In Love
- In My Heart
- Inside My Heart
- Internet Love
- It's Your Move
- Just You
- Just You & Me
- Kiss Coupon
- Kisses, Hugs & Roses
- Last Night was Hot!
- Let's Get Frisky
- Live With Me
- Longing for You
- Love Birds
- Love Remains
- Love You Deeply
- Love at First Sight
- Love for Granted
- Love is in the Air
- Made for Each Other
- Magic of Flowers
- Massage Coupon
- Memories
- Miracle of Love
- Moonlit Waterfall
- Most Beautiful Girl
- My Eye on You
- My Heart belongs to you
- My Heart is Thinking
- My Invitation
- My Love
- My Perfect Love
- Now I Know
- Now and Forever
- Old Together
- Only You
- Our Love
- Our Love Everyday
- Our Love Nest
- Our Love Will Last
- Our Love is Free
- Our Love is Strong
- Our Two Hearts
- Our Wedding Day
- Our love is torn by miles
- P.M.S
- Passionate Kiss
- Peek-A-Boo
- Pockets of Love
- Puppy Love
- Red Rose
- Romantic Picnic Coupon
- Rose for my Love
- Safe With You
- Safe and Sound
- Search for One
- Sending Kiss
- Sending You My Love
- Showers Of Love
- So Unique
- So in Love
- Solitary Beauty
- Someone at Last
- Soul Mates
- Soul Partners
- Steamy Dream
- Steamy Sex Coupon
- Summer Love
- Take My Hand
- Teddy Bear & Roses
- Tender Whispers
- Thanks...Love
- That Special Love
- The Candle's Light
- The Dance of Love
- The Kiss
- The Letter
- The Long Haul
- The Love Bugs
- The Miracle of Love
- The Mood for Love
- The Sweet Taste of Love
- The Time for Love
- Thinking about you
- Thinking of You
- This Day Forward
- This Feeling
- Til the End of Time
- Till Morning's Light
- Till Morninig's Light
- Times Are Hard, I Luv U
- To New Spouse
- Together Again
- Together You and I
- Touched by Love
- True Love
- Trunk Full Of Love
- Twice Blest
- Twilight Paradise
- Two of a Kind
- Unique Love
- Unmatchable Beauty
- Until the Day
- Vacation Love
- Waiting for You
- Want You to Know
- Want to Meet?
- We Are Different
- We Have Walked
- We're a Perfect Fit
- When I look at you
- When I'm With You
- When You Fall in Love
- Why I Love You
- Wild Nights--Wild Nights
- Will You?
- Window of Beauty
- Wine and Roses
- Wish I Could Tell You
- Wish Upon a Star
- With All My Love
- With All of My Heart
- With This Ring
- Without Your Love
- Won't you dance with me
- Words I Write
- Worthy of You
- Wrapped Up
- Wrapped in Your Arms
- You + Me
- You Are My Guiding Star
- You Asked Me Why
- You Brighten My Day
- You Lucky Duck!
- You Rock Me!
- You Were Worth the Wait
- You and I
- You and I Forever
- You are out of this world
- You're My Hero
- You're Soo kissable
- You're so Far Away
- You're the One
- Your Love Has Opened
- Your Silly Smile
Attachments may be any of the following filenames:
- Flash Postcard.exe
- flash postcard.exe
- greeting postcard.exe
- Greeting Postcard.exe
- greeting card.exe
- Greeting Card.exe
- postcard.exe
- Postcard.exe
|
|
|
|
F-Secure Corporation |
|
|
|
|
|
Last Modified: January 28, 2007
|
|
|
|
|
