This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
WORM_LOVGATE.F [Trend], WORM_LOVGATE.G [Trend], W32/Lovgate.f@M [McAfee], W32/Lovgate.g@M [McAfee], W32/Lovgate-E [Sophos], I-Worm.LovGate.f [KAV], Win32/Lovgate.F.Worm [CA]
Sent by email.
It collects email addresses from all HTML files and replies all messages in Microsoft Outlook Inbox. The email sent by the worm has the following structure:
Reply to this!
Attached one Gift for u..
See the attachement
For further assistance, please contact!
Copy of your message, including all the headers is attached.
This is the last cumulative update.
Tiger Woods had two eagles Friday during his victory over Stephen Leaney. (AP Photo/Denis Poroy)
Send reply if you want to be official beta tester.
This message was created automatically by mail delivery software (Exim).
It's the long-awaited film version of the Broadway hit. Set in the roaring 20's, this is the story of Chicago chorus girl Roxie Hart (Zellweger), who shoots her unfaithful lover (West).
Adult content!!! Use with parental advisory.
Patrick Ewing will give Knick fans something to cheer about Friday night.
Send me your comments...
auto-reply: If you can keep your head when all about you
Are losing theirs and blaming it on you;
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or, being lied about,don't deal in lies,
Or, being hated, don't give way to hating,
And yet don't look too good, nor talk too wise;
... ... more look to the attachment.
the hardcore game-.pif
Sex in Office.rm.scr
How to Crack all gamez.exe
dreamweaver MX (crack).exe
StarWars2 - CloneAttack.rm.scr
Industry Giant II.exe
DSL Modem Uncapper.rar.exe
Britney spears nude.exe.txt.exe
I am For u.doc.exe
When activated, the worm is copied in %SystemDIR%, with the following file names:
It copies the following files from %SystemDIR% and opens them:
The worm makes the autostart registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run winhelp %system%\winhelp.exeWinGate initialize %system%\WinGate.exe -remoteshellRemote Procedure Call Locator rundll32.exe reg678.dll ondll_regProgram in Windows %system%\iexplore.exe
It also enters:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows run RAVMOND.EXE
Then it changes: HKEY_CLASS_ROOT\txtfile\shell\open\command into: winrpc.exe %1
The worm will be activated every time a text file is opened.
The worm is copied in all shared network directories and archives as:
Are you looking for Love.doc.exe
The world of lovers.txt.exe
How To Hack Websites.exe
Panda Titanium Crack.zip.exe
100 free essays school.pif
CloneCD + crack.exe
Age of empires 2 crack.exe
Star Wars II Movie Full Downloader.exe
Winrar + crack.exe
MSN Password Hacker and Stealer.exe
It listens on TCP ports 1092, 20168 and 6000 and sends to the hacker the email addresses used with 163.com and Yahoo.com.cn. It has a backdoor routine on port 6000. It creates the file C:\Netlog.txt.
The worm tries to log on to the computer networks, using the "administrator" passwords:
If logged on, the worm tries to copy itself as:
Description inserted by Crony Walker on Tuesday, June 15, 2004
Get in touch
Questions? We are happy to help you.
1 800 403 7019
Start a chat
Send an email
Find a solution in our Avira Answers community
Send an email
Case Record Type