Win32.Worm.Lolol.A (W32.HLLW.Lolol (NAV), Worm.P2P.Lolol (F-Prot))
SYMPTOMS:
- File "winsys.exe" in %system%
- Registry key "LM\Software\Microsoft\Windows\CurrentVersion\Run" contains "Configuration Loader"
- Many executables in Kazaa shared directory (as shown below)

TECHNICAL DESCRIPTION:
This is a classic Peer-to-Peer (P2P) worm for Win32. It spreads through the Kazaa file-sharing utility by creating many trap files in Kazaa's shared folder under many different names, such as:
- combinations of "age of empires 3", "nba2003", "warcraft 3", etc. and "crack", "serial", etc.
- combinations of "virtual girl -" and different girl names.
- etc.

The worm contains a backdoor, which allows an attacker to connect and run certain commands on the victim's computer.

Removal instructions:
- manual removal: delete all infected files
- automatic removal: let BitDefender delete files found infected

ANALYZED BY:
Mircea Ciubotariu
BitDefender Virus Researcher
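The three symptoms listed above can be checked against an inventory collected from a host. The following is an added example, not code from BitDefender or the original write-up. It assumes "Configuration Loader" is a value name under the Run key and that three or more lure files count as "many"; the sample snapshot, the name "Anna" and all function names are constructed for illustration.

```python
import re

# Indicators from the SYMPTOMS section of the write-up.
DROPPED_FILE = "winsys.exe"
RUN_VALUE = "Configuration Loader"  # assumption: a value name under the Run key
# Only the lure words the write-up lists; its "etc." means the real set is larger.
TITLES = ("age of empires 3", "nba2003", "warcraft 3")
SUFFIXES = ("crack", "serial")
GIRL_PREFIX = "virtual girl -"
MANY = 3  # assumption: how many lure files count as "many"

# Constructed sample snapshot (not data from a real host).
SAMPLE = {
    "system_files": ["kernel32.dll", "WINSYS.EXE", "notepad.exe"],
    "run_values": ["SomeUpdater", "Configuration Loader"],
    "shared_files": ["Warcraft 3 crack.exe", "nba2003 serial.exe",
                     "virtual girl - Anna.exe", "holiday.mp3",
                     "age of empires 3 manual.pdf", "setup.exe"],
}


def is_lure_name(filename):
    """True if an executable's name fits one of the described lure patterns."""
    name = re.sub(r"\s+", " ", filename.lower()).strip()
    if not name.endswith(".exe"):
        return False
    stem = name[:-4]
    if stem.startswith(GIRL_PREFIX):
        return True
    return any(t in stem for t in TITLES) and any(s in stem for s in SUFFIXES)


def triage(system_files, run_values, shared_files):
    """Check one host snapshot against the three listed symptoms."""
    return {
        "dropped_file": any(f.lower() == DROPPED_FILE for f in system_files),
        "run_value": any(v.lower() == RUN_VALUE.lower() for v in run_values),
        "lure_files": sorted(f for f in shared_files if is_lure_name(f)),
    }


def symptoms_matched(result):
    """Number of the three symptoms present (0 to 3)."""
    return (int(result["dropped_file"]) + int(result["run_value"])
            + int(len(result["lure_files"]) >= MANY))


if __name__ == "__main__":
    report = triage(**SAMPLE)
    print(report, symptoms_matched(report))
```

A single matched symptom is weak evidence on its own; the lure-name check in particular will match legitimately named files, so treat the count as a triage signal rather than a verdict.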