The new E variant of Net-Worm:W32/Lovsan was found on August 29th, 2003.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Caution: Manual disinfection is a risky process; it is recommended only for advanced users.
For full 8-step list of how to get rid of Lovsan, please see Net-Worm:W32/Lovsan
More scanning & removal options
More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for more assistance.
For general instructions on disinfecting a local network infection, please see Eliminating A Local Network Outbreak.
This variant is functionally identical to Lovsan.A with a few minor differences:
- It uses the file name mslaugh.exe instead of MSBLAST.EXE.
- It uses a different MUTEX name: 'SILLY'
- The Distributed Denial of Service (DDoS) target has been changed to kimble.org, which already points to 127.0.0.1, effectively causing the infected hosts to attack themselves
- The used registry value has been changed to: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Automation'
- It has a different hidden message: 'I dedicate this particular strain to me ANG3L - hope yer enj oying yerself and dont forget the promise for me B/DAY !!!!'