Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Net-Worm:W32/Lovsan.B


Aliases:


Net-Worm:W32/Lovsan.B
Net-Worm:W32/Lovsan.B

Malware
Net-Worm
W32

Summary

A type of worm that replicates by sending complete, independent copies of itself over a network.



Disinfection & Removal


Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.


Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:



Technical Details

The new B variant of Net-Worm:W32/Lovsan was found on August 13th 2003.

A dropper available on a web page drops two files in Windows System folder and adds them to the Windows registry:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

The first file called Root32.exe is a backdoor and the second one called teekids.exe is the actual worm.

This new variant is functional identical to the previous Lovsan, only the text and the file name have been changed.







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.