Net-Worm:W32/Lovsan.B

Classification

Malware

Net-Worm

W32

Net-Worm:W32/Lovsan.B

Summary

The new B variant of Net-Worm:W32/Lovsan was found on August 13th 2003.

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:

Find out more
Knowledge Base

Find the latest advice in our Community Knowledge Base.

Product Manual

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

A dropper available on a web page drops two files in Windows System folder and adds them to the Windows registry:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

The first file called Root32.exe is a backdoor and the second one called teekids.exe is the actual worm.

This new variant is functional identical to the previous Lovsan, only the text and the file name have been changed.

Date Created: -

Date Last Modified: -