Threat Description

Net-Worm:​W32/Lovsan.B

Details

Aliases: Net-Worm:​W32/Lovsan.B, Net-Worm:​W32/Lovsan.B
Category: Malware
Type: Net-Worm
Platform: W32

Summary



A type of worm that replicates by sending complete, independent copies of itself over a network.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:



Technical Details



The new B variant of Net-Worm:W32/Lovsan was found on August 13th 2003.

A dropper available on a web page drops two files in Windows System folder and adds them to the Windows registry:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

The first file called Root32.exe is a backdoor and the second one called teekids.exe is the actual worm.

This new variant is functional identical to the previous Lovsan, only the text and the file name have been changed.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More