BitDefender Antivirus

Win32.Worm.Lolol.A

( W32.HLLW.Lolol (NAV), Worm.P2P.Lolol (F-Prot) )
Spreading: medium
Damage: medium
Size: 17440 bytes
Discovered: 2002 Dec 12

SYMPTOMS:

- File "winsys.exe" in %system%
- Registry key "LM\Software\Microsoft\Windows\CurrentVersion\Run" contains "Configuration Loader"
- Many executables in Kazaa shared directory (as shown below)

TECHNICAL DESCRIPTION:

It is a classic Peer-to-Peer (P2P) worm designed for Win32. It spreads over the Kazaa file-sharing utility by creating many trap files in Kazaa's shared folder, under many different names such as:
- combinations of "age of empires 3", "nba2003", "warcraft 3", etc. and "crack", "serial", etc.
- combinations of "virtual girl -" and different girl names.
- etc.
The worm contains a backdoor, which allows an attacker to connect and run certain commands on the victim's computer.
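
A symptom check built from the indicators listed above, as an added example (not BitDefender's code). It assumes %system% is System32, that trap files are copies of the worm and therefore match the 17440-byte size, and that the operator supplies the Kazaa shared folder path; the function names are illustrative.

```python
import os
import sys

WORM_SIZE = 17440                      # "Size" field of the advisory
TITLES = ("age of empires 3", "nba2003", "warcraft 3")
KEYWORDS = ("crack", "serial")
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

def bait_reasons(name, size):
    """Return the reasons a shared file looks like one of the worm's trap files."""
    n, reasons = name.lower(), []
    if not n.endswith(".exe"):
        return reasons
    if n.startswith("virtual girl -") or (
            any(t in n for t in TITLES) and any(k in n for k in KEYWORDS)):
        reasons.append("bait name")
    if size == WORM_SIZE:              # assumption: trap files are worm copies
        reasons.append("size 17440")
    return reasons

def evaluate(system_files, run_value_names, shared_files):
    """Pure check over collected data; returns a list of finding strings."""
    findings = []
    if "winsys.exe" in (f.lower() for f in system_files):
        findings.append("winsys.exe present in %system%")
    if "configuration loader" in (v.lower() for v in run_value_names):
        findings.append("Run value 'Configuration Loader' present")
    for name, size in shared_files:
        reasons = bait_reasons(name, size)
        if reasons:
            findings.append(f"shared file {name!r}: {', '.join(reasons)}")
    return findings

def collect(shared_dir):
    """Gather live data on Windows; shared_dir is supplied by the operator."""
    import winreg
    system_dir = os.path.join(os.environ["SystemRoot"], "System32")  # assumption
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]          # number of values
        names = [winreg.EnumValue(key, i)[0] for i in range(count)]
    shared = [(e.name, e.stat().st_size) for e in os.scandir(shared_dir) if e.is_file()]
    return os.listdir(system_dir), names, shared

if __name__ == "__main__":
    if sys.platform == "win32" and len(sys.argv) == 2:
        data = collect(sys.argv[1])
    else:  # constructed sample so the logic can be exercised offline
        data = (["WinSys.exe"], ["Configuration Loader"],
                [("warcraft 3 crack.exe", 17440), ("song.mp3", 4096)])
    print("\n".join(evaluate(*data)) or "no symptoms found")
```

A size-only match on a name outside the bait patterns is a weaker signal than a name match and should be confirmed with a scanner before deletion.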

Removal instructions:

- manual removal: delete all infected files
- automatic removal: let BitDefender delete the files it finds infected

ANALYZED BY:

Mircea Ciubotariu
BitDefender Virus Researcher