
W32/Lovgate.q@M

Mar 24, 2004 6:58AM PST

Date Discovered: 3/22/2004
Date Added: 3/24/2004
Origin: Unknown
Length: 114,176 bytes
Type: Virus
SubType: Worm

Virus Characteristics

This detection is for a new variant of W32/Lovgate. It bears the following characteristics:

- Mails itself, constructing messages using its own SMTP engine. The email attachment may be a ZIP archive. Mails are sent in reply to email messages found on the victim machine.
- Drops a backdoor component (detected as BackDoor-AQJ with 4339 DATS and above).
- Attempts to copy itself to poorly secured remote shares, scanning contiguous IP ranges, seeking accessible IPC$ or ADMIN$ shares. Such copies of the worm may be enticingly named, or within ZIP or RAR archives. The worm carries a list of typical username/password combinations which it uses in attempting to get write access to remote shares.
- If it is able to access a remote share, it copies itself there as NETMANAGER.EXE, and remotely executes itself as a service on the remote machine.
- Creates a share on the victim machine (share name "MEDIA").
- Renames the extensions of EXE files to ZMX.
- Terminates certain processes.

More: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101132
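
Added example, not part of the original post or of McAfee's description: a Python triage check for the host-side traces listed above (a file named NETMANAGER.EXE, a share named MEDIA, executables renamed to .ZMX). The function names, the MZ-header heuristic and the sample tree and share list are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the description above.
DROPPED_NAME = "netmanager.exe"   # name of the copy placed on remote shares
WORM_SHARE = "media"              # share created on the victim machine
RENAMED_EXT = ".zmx"              # extension given to renamed EXE files

def is_pe(path):
    """Assumed heuristic: a renamed EXE still starts with the 'MZ' header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def scan_tree(root):
    """Walk root and return sorted (indicator, relative path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name.lower() == DROPPED_NAME:
                findings.append(("dropped-copy", rel))
            elif name.lower().endswith(RENAMED_EXT) and is_pe(full):
                findings.append(("renamed-exe", rel))
    return sorted(findings)

def check_shares(share_names):
    """Return the share names that match the worm-created share."""
    return [s for s in share_names if s.strip().lower() == WORM_SHARE]

def build_sample(root):
    """Constructed sample tree; file contents are placeholders, not binaries."""
    sample = {
        os.path.join("apps", "notepad.zmx"): b"MZ\x90\x00",   # renamed EXE
        os.path.join("apps", "calc.exe"): b"MZ\x90\x00",      # untouched EXE
        os.path.join("docs", "notes.zmx"): b"plain text",     # not executable
        os.path.join("share", "NETMANAGER.EXE"): b"MZ\x90\x00",
    }
    for rel, data in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp), check_shares(["IPC$", "ADMIN$", "MEDIA"]))
```

A name or extension match is only a lead for further inspection; confirmation comes from an antivirus scan with current definitions.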
