W32.lovgate

The worm tries passwords from the following list: Guest, Administrator, zxcv, yxcv, xxx, xp, win, test123, test, temp123, temp, sybase, super, sex, secret, pwd, pw123, pw, pc, Password, owner, oracle, mypc123,

To avoid detection, W32/Lovgate-AA attempts to kill processes whose name includes any of the following strings: KV KAV Duba NAV kill RavMon.exe Rfw.exe Gate McAfee Symantec SkyNet rising

Every hour W32/Lovgate-AA will

Use with parental advisory.

W32/Lovgate-AA makes the folder Windows\temp\ visible to the network with the share-name "GAME" and fills it with copies of itself whose filenames consist of 0-15 random letters followed by any of

The email will have a variable subject and a file attachment with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension. W32/Lovgate-Z copies itself to the Windows system folder as the files WinHelp.exe, iexplore.exe, kernel66.dll and ravmond.exe and to the Windows folder as systra.exe.

Email addresses are harvested from HTML files found in the Personal, Windows and current folders and the path. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive.

Some variants also terminate security-related processes that are running on the computer. This worm can copy itself into remote Windows system folders as NETMANAGER.EXE and execute this file as a service named 'Windows Management Network Service Extensions'. Essentially, social engineering is an attack against the human interface of the targeted computer.

https://www.symantec.com/security_response/writeup.jsp?docid=2004-040509-5153-99

Symptoms

There may be no readily apparent indications that your

W32/Lovgate-AA also listens for TCP connections on port 6000 and logs potential username/password pairs to C:\NetLog.txt. Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

The message contains Unicode characters and has been sent as a binary attachment. The files internet.exe, ily668.dll, task688.dll and reg678.dll are also created in the Windows system folder.

Activities: Attempts to load and execute remote code in explorer process. Attempts to write to a memory location of a protected process. Attempts to write to a memory location of a Windows system

The attachment name also varies, with a .bat, .cmd, .exe, .pif, or .scr file extension.

W32/Lovgate-Z attempts to terminate processes containing the following strings: rising SkyNet Symantec McAfee Gate Rfw.exe RavMon.exe kill Duba KAV KV

W32/Lovgate-Z also overwrites EXE files on the system with copies of

The message sent as a binary attachment.

In addition W32/Lovgate-Z copies itself to the file command.exe in the root folder and creates the file autorun.inf there containing an entry to run the dropped file upon system startup. [email protected] spreads through the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.

On Windows XP: Insert the Windows XP CD into the CD-ROM drive and restart the computer. When the "Welcome to Setup" screen appears, press R to start the Recovery Console. Select the Windows

Attempts to copy itself to Kazaa-shared folders and all the computers on a local network.

This worm can also exploit a vulnerability explained in the Microsoft Knowledge Base article 827363 (Microsoft Security Bulletin MS03-039) to run code with system privileges on remote computers.

Antivirus Protection Dates
Initial Rapid Release version: July 2, 2004
Latest Rapid Release version: August 8, 2016 revision 023
Initial Daily Certified version: July 2, 2004
Latest Daily Certified version: August

This threat is written in the C++ programming language and is compressed with JDPack, ASPack, and UPX. The worm drops ZIP files containing a copy of the worm onto accessible drives. An attacker connecting to one of these ports will be able to execute arbitrary commands on the infected machine.

Adult content!!!

This threat is written in the C++ programming language and is compressed with JDPack and ASPack.

W32/Lovgate-Z also attempts to spread via weakly protected remote shares by connecting to the admin$ share using a password from an internal list and copying itself as the file NetManager.exe to

Protect yourself from social engineering attacks

While attackers may attempt to exploit vulnerabilities in hardware or software to compromise a computer, they also attempt to exploit vulnerabilities in human behavior to

When started the worm copies itself to the root folder as COMMAND.EXE, to the Windows folder as SYSTRA.EXE and to the Windows system folder as IEXPLORE.EXE, kernel66.dll (hidden) and RAVMOND.exe.

For further assistance, please contact! This scenario limits the possibility of attacks by malware and other threats that require administrative privileges to run.

Email addresses are harvested from WAB, TXT, HTM, SHT, PHP, ASP, DBX, TBB, ADB and PL files found on the system. Send reply if you want to be official beta tester.