
W32/Lovsan.worm.b

Type: Virus
SubType: Internet Worm
Discovery Date: 08/13/2003
Length: 5,360 bytes
Minimum DAT: 4285 (08/13/2003)
Updated DAT: 4323 (02/11/2004)
Minimum Engine: 5.1.00
Description Added: 08/13/2003
Description Modified: 08/13/2003 1:45 PM (PT)
Risk Assessment:
  • Corporate User: Low-Profiled
  • Home User: Low-Profiled


Characteristics

This is a variant of W32/Lovsan.worm. It is functionally the same as the original variant with the exception of filename and registry key creation.

File name:

  • teekids.exe

Registry key:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Inet Xp.." = teekids.exe Microsoft can suck my left testi! Bill

This variant has been bundled with the BackDoor-YQ trojan, in a dropper package (index.exe [32,045 bytes] - detected as W32/Lovsan.b.dr with the 4285 DAT files).

Symptoms

Presence of the following files in %WinDir%\System32 directory:

  • Root32.exe (19,798 bytes) (backdoor)
  • teekids.exe (5,360 bytes) (worm)
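
A host check for the indicators listed under Characteristics and Symptoms, as an added example that is not McAfee's code: it looks for the two files and compares their sizes with the listed ones, then inspects the Run key for the startup value. The function name Test-LovsanBIndicators is hypothetical; all indicator values are taken from this page.

```powershell
# Added example (not vendor code). Indicator values are copied from this page;
# the function name Test-LovsanBIndicators is hypothetical.
function Test-LovsanBIndicators {
    $findings = @()

    # Files the page lists under %WinDir%\System32, with their listed sizes in bytes.
    $listedFiles = @{ 'teekids.exe' = 5360; 'Root32.exe' = 19798 }
    $sys32 = Join-Path $env:WinDir 'System32'
    foreach ($name in $listedFiles.Keys) {
        $path = Join-Path $sys32 $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $size = (Get-Item -LiteralPath $path -Force).Length
            $findings += [pscustomobject]@{
                Indicator  = $path
                Detail     = "size $size bytes, page lists $($listedFiles[$name])"
                ExactMatch = ($size -eq $listedFiles[$name])
            }
        }
    }

    # Startup hook: Run value "Microsoft Inet Xp.." pointing at teekids.exe.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            $nameHit = $valueName -like 'Microsoft Inet Xp*'
            $dataHit = $data -match 'teekids\.exe'
            if ($nameHit -or $dataHit) {
                $findings += [pscustomobject]@{
                    Indicator  = "$runKey\$valueName"
                    Detail     = "data: $data"
                    ExactMatch = ($nameHit -and $dataHit)
                }
            }
        }
    }
    return $findings
}

$result = Test-LovsanBIndicators
if ($result) { $result | Format-List } else { 'No listed Lovsan.b indicators found.' }
```

A finding with ExactMatch set to False (same name, different size or data) still warrants a scan with the engine and DAT versions given above, since name alone does not identify the file.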

Method of Infection

See W32/Lovsan.worm.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be removed successfully when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • Lovsan.B (F-Secure)
  • W32/Blaster.worm.b
