Skip to main content

Net-Worm:W32/Lovsan.E

Classification

Category:Malware
Type:Net-Worm
Platform:W32
Aliases:

Lovsan.E

Summary

The new E variant of Net-Worm:W32/Lovsan was found on August 29th, 2003.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Caution: Manual disinfection is a risky process; it is recommended only for advanced users.

For full 8-step list of how to get rid of Lovsan, please see Net-Worm:W32/Lovsan

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

This variant is functionally identical to Lovsan.A with a few minor differences:

  • It uses the file name mslaugh.exe instead of MSBLAST.EXE.
  • It uses a different MUTEX name: 'SILLY'
  • The Distributed Denial of Service (DDoS) target has been changed to kimble.org, which already points to 127.0.0.1, effectively causing the infected hosts to attack themselves
  • The used registry value has been changed to: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Automation'
  • It has a different hidden message: 'I dedicate this particular strain to me ANG3L - hope yer enj oying yerself and dont forget the promise for me B/DAY !!!!'

More Support

Community

Ask questions in our Community.

User guides

Check the user guide for instructions.

Contact Support

Chat with with or call an agent.

Submit a Sample

Submit a file or URL for analysis.