Win32.Worm.Lolol.A

MEDIUM
MEDIUM
17440 bytes
(W32.HLLW.Lolol (NAV), Worm.P2P.Lolol (F-Prot))

Symptoms

- File "winsys.exe" in %system%
- Registry key "LM\Software\Microsoft\Windows\CurrentVersion\Run" contains "Configuration Loader"
- Many executables in Kazaa shared directory (as shown below)

Removal instructions:

- manual removal: delete all infected files
- automatic removal: let BitDefender delete files found infected

Analyzed By

Mircea Ciubotariu, BitDefender Virus Researcher

Technical Description:

It is a classic Peer-to-Peer (P2P) worm written for Win32. It spreads through the Kazaa file-sharing utility by creating many trap files in Kazaa's shared folder under many different names, such as:
- combinations of "age of empires 3", "nba2003", "warcraft 3", etc. and "crack", "serial", etc.
- combinations of "virtual girl -" and different girl names.
- etc.
The worm contains a backdoor, which allows an attacker to connect and run certain commands on the victim's computer.
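
The symptoms and the trap-file naming scheme described above can be checked against data collected from a host. The following is an added example, not BitDefender's code: the function names and the sample snapshot are constructed, the lure lists contain only the terms quoted on this page, and the size check assumes the trap files are copies of the 17440-byte worm body.

```python
import re

# Indicators from the page. Its lure-name lists end in "etc.", so these are partial.
LURE_TITLES = ("age of empires 3", "nba2003", "warcraft 3")
LURE_WORDS = ("crack", "serial")
WORM_SIZE = 17440  # bytes; assumption: trap files are copies of the worm body

def is_lure_name(filename):
    """True if an executable name matches a lure pattern listed on the page."""
    name = filename.lower()
    if not name.endswith(".exe"):
        return False
    stem = re.sub(r"[._]+", " ", name[:-4])
    if stem.startswith("virtual girl -"):
        return True
    return any(t in stem for t in LURE_TITLES) and any(w in stem for w in LURE_WORDS)

def triage(run_values, system_files, shared_files):
    """run_values: {name: data} from the HKLM Run key; system_files: names in
    %system%; shared_files: (name, size) pairs from the Kazaa shared folder."""
    findings = []
    if any(f.lower() == "winsys.exe" for f in system_files):
        findings.append("winsys.exe present in %system%")
    for name, data in run_values.items():
        # The page does not say whether the string is the value name or its data.
        if "configuration loader" in (name + " " + data).lower():
            findings.append(f"Run entry: {name} = {data}")
    lures = [n for n, _ in shared_files if is_lure_name(n)]
    sized = [n for n, s in shared_files if n.lower().endswith(".exe") and s == WORM_SIZE]
    if lures:
        findings.append(f"{len(lures)} lure-named executables in shared folder")
    if len(sized) > 1:
        findings.append(f"{len(sized)} executables of {WORM_SIZE} bytes in shared folder")
    return findings

# Constructed sample snapshot of one host (not taken from the page).
SAMPLE_RUN = {"Configuration Loader": "winsys.exe", "Updater": "upd.exe"}
SAMPLE_SYSTEM = ["kernel32.dll", "WinSys.exe"]
SAMPLE_SHARED = [("warcraft 3 crack.exe", 17440), ("nba2003_serial.exe", 17440),
                 ("Virtual Girl - Anna.exe", 17440), ("holiday.mp3", 4123456),
                 ("warcraft 3 patch.exe", 250880)]

if __name__ == "__main__":
    for finding in triage(SAMPLE_RUN, SAMPLE_SYSTEM, SAMPLE_SHARED):
        print(finding)
```

A name match alone is weak evidence; several executables of identical size under unrelated lure names is the stronger signal.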