Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
** Virus Advisory - W32/Lovgate.ad@MM **

 
The Count

Posted: Sat Jul 03, 2004 6:33 am    Post subject: ** Virus Advisory - W32/Lovgate.ad@MM **

Hello everyone,

It's been a while, family matters, but I'm back... and of course with an alert.
McAfee wrote:
Like its predecessors, W32/Lovgate.ad@MM is a Medium Risk
mass-mailing worm hiding inside an email attachment. When
run, the worm:

1. Drops a dangerous backdoor on an infected machine that
can allow a remote hacker to steal information.
2. Infects executable programs.
3. Tries to disable anti-virus and security software.
4. Emails itself to a) stolen contacts or b) as replies
to unread MS Outlook or Outlook Express messages on the
infected machine, spoofing the "from: field".

Note: McAfee VirusScan proactively detects and blocks
W32/Lovgate.ab@MM's backdoor component (BackDoor-AQJ).

--> What should I look for?

Subject (examples): hi, hello, Hello, Mail transaction
Failed, mail delivery system

Body (examples): Mail failed. For further assistance,
please contact! The message contains Unicode characters
and has been sent as a binary attachment.

Attachment: Randomly constructed strings with the
following extensions: .EXE, .PIF, .SCR, .ZIP

--> How do I know if I've been infected?

Presence of various .EXE,.DLL or .ZIP archive files on
system. Modified System Registry (see our site for
details).

Learn more about W32/Lovgate.ad@MM here:
http://us.mcafee.com/root/campaign.asp?cid=11205

FreeScan checks for W32/Lovgate.ad@MM. Scan now:
http://us.mcafee.com/root/campaign.asp?cid=11206
_________________
Best Regards and Wishes,
The Count, Co-webmaster of mesich.com
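
Added example, not part of the forum thread or of McAfee's advisory: a small Python triage filter that checks a raw message against the subject, body and attachment-extension indicators listed under "What should I look for?". The `is_suspicious` rule, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the quoted advisory (lower-cased for matching).
SUBJECTS = {"hi", "hello", "mail transaction failed", "mail delivery system"}
BODY_MARKERS = ("mail failed. for further assistance",
                "has been sent as a binary attachment")
EXTENSIONS = (".exe", ".pif", ".scr", ".zip")

def triage(raw: bytes) -> list:
    """Return the advisory indicators that a raw RFC 822 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    # Collapse whitespace so line wrapping does not hide a marker.
    text = " ".join(body.get_content().lower().split()) if body else ""
    if any(marker in text for marker in BODY_MARKERS):
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXTENSIONS):
            hits.append("attachment:" + name)
    return hits

def is_suspicious(raw: bytes) -> bool:
    # Assumed rule (not from the advisory): "hi"/"hello" subjects and .zip
    # files are common in normal mail, so require a listed attachment
    # extension plus at least one other indicator before flagging.
    hits = triage(raw)
    has_attachment = any(h.startswith("attachment:") for h in hits)
    return has_attachment and len(hits) >= 2

def build_sample(subject, body, attachment_name=None) -> bytes:
    """Construct a harmless test message; addresses and bytes are made up."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()
```

Because the advisory says the "from:" field is spoofed, the filter deliberately ignores the sender address.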
wawadave

Posted: Sat Jul 03, 2004 7:53 am

It's covered here in several variations.
http://spywarewarrior.com/viewtopic.php?t=3515
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
wandrinstar

Posted: Wed Jul 07, 2004 2:06 am

I got a delivery of this to my MS Outlook mail account;
Quote:

This message had an attachment which were found to contain the following virus(es):

File 'message9347.zip/msg.eml .scr' was infected with virus 'W32.Netsky.Q@mm' (ID 37711)

The infected file(s) were cleaned or removed from the attachment

----------------------------------------------------------------------
I took a chance and hit "reply" to see what would happen and the above is the result. Came out of it completely clean.
My AV is Nod32 V2.
wawadave

Posted: Wed Jul 07, 2004 8:32 am

You're lucky, as some viruses and trojans disable your onboard virus scanners.
When people send me a virus I open Linux up and trace down where they're from, when they were last modified when applicable, etc., and when I know absolutely for sure where and who sent it and if sent knowingly, I contact the appropriate law enforcement people in their area. I have learned a lot more about computer security than my adversaries know!
wandrinstar

Posted: Wed Jul 07, 2004 8:44 am

Hi dave, I was sorely tempted to open the load bearing email but resisted. Obviously I got it out of the way without any further investigation. I was going to write the "from" address but thought it might not be a good idea. Subject was; Mail Delivery Failure.
b9 (Benign) let me see the details before I got to it. And yes, I was rather pleased to get out cleanly.
wawadave

Posted: Wed Jul 07, 2004 8:50 am

That kind is usually a spoofed addy, not worth looking at unless some script kiddy has you as a target.
If you want to look at those, don't do it from Windows.
All times are GMT - 8 Hours