McAfee > Theat Center > Virus Detail Page

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• Lovsan.B (F-Secure)

• W32/Blaster.worm.b

Characteristics

This is a variant of W32/Lovsan.worm. It is functionally the same as the original variant with the exception of filename and registry key creation.

File name
• teekids.exe

Registry key
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Run "Microsoft Inet Xp.." = teekids.exe Microsoft can suck my left testi! Bill

This variant has been bundled with the BackDoor-YQ trojan, in a dropper package (index.exe [32,045 bytes] - detected as W32/Lovsan.b.dr with the 4285 DAT files).

Symptoms

Presence of the following files in %WinDir%\System32 directory:

• Root32.exe (19,798 bytes) (backdoor)
• teekids.exe (5,360 bytes) (worm)

Method of Infection

See W32/Lovsan.worm.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• Lovsan.B (F-Secure)

• W32/Blaster.worm.b

Characteristics

Characteristics -

This is a variant of W32/Lovsan.worm. It is functionally the same as the original variant with the exception of filename and registry key creation.

File name
• teekids.exe

Registry key
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Run "Microsoft Inet Xp.." = teekids.exe Microsoft can suck my left testi! Bill

This variant has been bundled with the BackDoor-YQ trojan, in a dropper package (index.exe [32,045 bytes] - detected as W32/Lovsan.b.dr with the 4285 DAT files).

Symptoms

Symptoms -

Presence of the following files in %WinDir%\System32 directory:

• Root32.exe (19,798 bytes) (backdoor)
• teekids.exe (5,360 bytes) (worm)

Method of Infection

Method of Infection -

See W32/Lovsan.worm.

Removal -

Removal -

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A