(W32.HLLW.Lolol (NAV), Worm.P2P.Lolol (F-Prot))
- File "winsys.exe" in %system%
- Registry key "LM\Software\Microsoft\Windows\CurrentVersion\Run"
contains "Configuration Loader"
- Many executables in Kazaa shared directory (as shown below)
- manual removal: delete all infected files
- automatic removal: let BitDefender delete files found infected
Mircea Ciubotariu BitDefender Virus Researcher
It is a classical case of Peer-to-Peer (P2P) worm, designed for Win32. It spreads over the Kazaa file sharing utility using many trap files created in the Kazaa's shared folder with many different names such as:
- combinations of "age of empires 3", "nba2003", "warcraft 3", etc. and "crack", "serial", etc.
- combinations of "virtual girl -" and different girl names.
The worm contains a backdoor, which allows an attacker to connect and run
certain commands on victim's computer.