Date Discovered: 3/22/2004
Date Added: 3/24/2004
Origin: Unknown
Length: 114,176 bytes
Type: Virus
SubType: Worm
Virus Characteristics
This detection is for a new variant of W32/Lovgate. It bears the following characteristics:
Mails itself, constructing message uses its own SMTP engine. Email attachment may be a ZIP archive. Mails are sent in reply to email messages found on the victim machine.
drops a backdoor component (detected as BackDoor-AQJ with 4339 DATS and above)
attempts to copy itself to poorly secured remote shares, scanning contiguous IP ranges, seeking accessible IPC$ or ADMIN$ shares.
Such copies of the worm may be enticingly named, or within ZIP or RAR archives. The worm carries a list of typical username/password combinations which it uses in attempting to get write access to remote shares
if it is able to access a remote share, it copies itself there as NETMANAGER.EXE, and remotely executes itself as a service on the remote machine.
creates a share on the victim machine (share name "MEDIA").
Renames the extensions of EXE files to ZMX.
Terminates certain processes
More: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101132

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic