W32.lovgate

For more information, see http://www.microsoft.com/windows/antivirus-partners/.

Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

Writeup By: Takayoshi Nakayama

[email protected] spreads through the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.

All Users: Please use the following instructions for

Emails have the following characteristics:

Subject line: test, hi, hello, Mail Delivery System, Mail Transaction Failed, Server Report, Status, Error

Message text: It's the long-awaited film version of the Broadway hit.

A strong password is one that has at least eight characters, and combines letters, numbers, and symbols.

https://www.symantec.com/security_response/writeup.jsp?docid=2004-040509-5153-99

To avoid detection, W32/Lovgate-AA attempts to kill processes whose name includes any of the following strings: KV, KAV, Duba, NAV, kill, RavMon.exe, Rfw.exe, Gate, McAfee, Symantec, SkyNet, rising.

Every hour W32/Lovgate-AA will

The worm has a backdoor component that allows attackers to remotely access and control the infected computer. Some variants also terminate security-related processes that are running on the computer.

On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer. Click on "Repair Your Computer". When the System Recovery Options dialog comes up, choose the Command

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Lovgate-Z/detailed-analysis.aspx

Email addresses are harvested from HTML files found in the Personal, Windows and current folders and the path.

In order to run automatically when Windows starts up, W32/Lovgate-AA creates the following registry entries:

HKCR\exefile\Shell\open\command\@ = "C:\WINDOWS\System32\winexe.exe \"%1\" %*"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\S0undMan = C:\WINDOWS\System32\svch0st.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinHelp = C:\WINDOWS\System32\WinHelp.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinGate initialize = C:\WINDOWS\System32\WinGate.exe -remoteshell

The worm may also send a .zip file containing the attachment.

W32/Lovgate-F. Category: Viruses and Spyware. Type: Win32 worm.

This worm will spoof the sender's email address.

Activities: Attempts to load and execute remote code in explorer process. Attempts to write to a memory location of a protected process. Attempts to write to a memory location of a Windows system

Scans files that have the .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm extensions for email addresses.

Antivirus Protection Dates
Initial Rapid Release version: July 2, 2004
Latest Rapid Release version: August 8, 2016 revision 023
Initial Daily Certified version: July 2, 2004
Latest Daily Certified version: August

Essentially, social engineering is an attack against the human interface of the targeted computer.

The "sender" of the email is spoofed, and the subject line and message body of the email vary.

This threat is written in the C++ programming language and is compressed with JDPack, ASPack, and UPX.

The email will have a variable subject and a file attachment with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension. This worm can also exploit a vulnerability explained in the Microsoft Knowledge Base article 827363 (Microsoft Security Bulletin MS03-039) to run code with system privileges on remote computers. It allows an attacker to access your computer.

W32/Lovgate-Z copies itself to the Windows system folder as the files WinHelp.exe, iexplore.exe, kernel66.dll and ravmond.exe and to the Windows folder as systra.exe.

For more information, see http://www.microsoft.com/protect/yourself/password/create.mspx.

W32/Lovgate-F also creates a file AUTORUN.INF in the root folder and msjdbc11.dll, MSSIGN30.DLL and ODBC16.dll in the Windows system folder (which are detected by Sophos as W32/Lovgate-V). This worm may also drop itself into the Windows system folder using a random name as well as two FTP server components, SPOLLSV.EXE and NETMEETING.EXE.

The worm tries passwords from the following list: Guest, Administrator, zxcv, yxcv, xxx, xp, win, test123, test, temp123, temp, sybase, super, sex, secret, pwd, pw123, pw, pc, Password, owner, oracle, mypc123,

The worm drops ZIP files containing a copy of the worm onto accessible drives. Email addresses are harvested from WAB, TXT, HTM, SHT, PHP, ASP, DBX, TBB, ADB and PL files found on the system.

Attached file (extension ZIP, EXE, PIF or SCR): document, readme, doc, text, file, data, test, message, body

The worm attempts to reply to emails found in the user's inbox using the