Need help? Ask the community or hire an expert.
Go to Avira Answers
Alias:W32.HLLW.Lovgate.F@mm, I-Worm.LovGate.f, W32/Lovegate, W95/Lovgate.J@mm, W32.HLLW.Lovgate
Type:Worm 
Size:172,842 Bytes 
Origin: 
Date:00-00-0000 
Damage:Sent by email. Backdoor component. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Low 

DistributionThe worm has its own SMTP engine and sends itself to all email addresses it can find on the infected computer. It also spreads over the network drives of the infected system.
The backdoor component of Worm/Lovegate saves keylogging information and passwords into the following files:
win32pwd.sys
win32add.sys
and sends this information to the email addresses:
'hello_dll@163.com' and 'hacker117@163.com'.

Over port 10168 a user, using the same Client program, can make various changes into the infected system.

Subject:
Documents
Roms
Pr0n!
Evaluation copy
Help
Beta
Do not release
Last Update
The patch
Cracks!

Body:
I'll try to reply as soon as possible.
Take a look to the attachment and send me your opinion!
Send me your comments...
Test this ROM! IT ROCKS!.
Adult content!!! Use with parental advisory.
Test it 30 days for free.
I'm going crazy... please try to find the bug!.
Send reply if you want to be official beta tester.
This is the pack ;)
This is the last cumulative update.
I think all will work fine.
Check our list and mail your requests!

Attachment:
Docs.exe
Roms.exe
Sex.exe
Setup.exe
Source.exe
_SetupB.exe
Pack.exe
LUPdate.exe
Patch.exe
CrkList.exe

Technical DetailsIt contains a longer password list, for attempting to access shared resources:
"" (empty password)
"123"
"321"
"123456"
"654321"
"guest"
"administrator"
"admin"
"111111"
"666666"
"888888"
"abc"
"abcdef"
"abcdefg"
"12345678"
"abc123"
"root"
"1"
"111"
"1234"
"!@#$"
"asdf"
"asdfgh"
"!@#$%"
"!@#$%^"
"!@#$%^&"
"!@#$%^&*"
"sql"
"server"
"passwd"
"password"
"12345"
"54321"
"pass"
"0 "
"000000"
"00000000"
"007"
"110"
"11111111"
"12"
"121212"
"123123"
"1234567"
"123456789"
"123abc"
"123asd"
"2002"
"2003"
"2600"
"88888888"
"a"
"aaa"
"abcd"
"Admin"
"admin123"
"alpha"
"computer"
"database"
"enable"
"god"
"godblessyou"
"home"
"Internet"
"Login"
"login"
"love"
"mypass"
"mypass123"
"mypc"
"mypc123"
"oracle"
"owner"
"Password"
"pc"
"pw"
"pw123"
"pwd"
"secret"
"sex"
"super"
"sybase"
"temp"
"temp123"
"test"
"test123"
"win"
"xp"
"xxx"
"yxcv"
"zxcv"
"Administrator"
"Guest"

It creates more DLLs in System, but with other names than in the prior versions.
When sending emails through MAPI, it uses the following file names:
"I am For u.doc.exe"
"Britney spears nude.exe.txt.exe"
"joke.pif"
"DSL Modem Uncapper.rar.exe"
"Industry Giant II.exe"
"StarWars2 - CloneAttack.rm.scr"
"dreamweaver MX (crack).exe"
"Shakira.zip.exe"
"SETUP.EXE"
"Macromedia Flash.scr"
"How to Crack all gamez.exe"
"Me_nude.AVI.pif"
"s3msong.MP3.pif"
"Deutsch BloodPatch!.exe"
"Sex in Office.rm.scr"
"the hardcore game-.pif"

When copying itself into shared resources, the worm uses the following names:
"MSN Password Hacker and Stealer.exe"
"SIMS FullDownloader.zip.exe"
"Winrar + crack.exe"
"Star Wars II Movie Full Downloader.exe"
"MoviezChannelsInstaler.exe"
"Age of empires 2 crack.exe"
"CloneCD + crack.exe"
"Sex_For_You_Life.JPG.pif"
"AN-YOU-SUCK-IT.txt.pif"
"100 free essays school.pif"
"Mafia Trainer!!!.exe"
"Panda Titanium Crack.zip.exe"
"How To Hack Websites.exe"
"The world of lovers.txt.exe"
"autoexec.bat"
"Are you looking for Love.doc.exe"
Description inserted by Crony Walker on Tuesday, June 15, 2004

Back . . . .