Threat Description

Net-Worm: W32/Lovsan.B


Category: Malware
Type: Net-Worm
Platform: W32
Aliases: Net-Worm:W32/Lovsan.B


The new B variant of Net-Worm:W32/Lovsan was found on August 13th 2003.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:

Technical Details

A dropper available on a web page drops two files in Windows System folder and adds them to the Windows registry:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

The first file called Root32.exe is a backdoor and the second one called teekids.exe is the actual worm.

This new variant is functional identical to the previous Lovsan, only the text and the file name have been changed.


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More