Return To Home Page Search Fire Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info Prognet Privacy Statement

Click here to view product details, fire framework, screen shots, Y2K statement, etc.Download fire evaluation copy, updates, upgrades, user manual, free utils and lot more.Customers can enjoy technical support, security tips, FAQ, free virus alert mail, etc. Online ordering, renewal form and upgrade details.Resellers, dealers and distributors can enter here.Click here to view latest virus alerts, virus information center, virus calendar, etc.Latest news and other press releases.About Prognet Technologies Pvt. Ltd, technical team, clients, events and lot more.

 

Lovsan Worm

                     Lovsan is an Internet worm, uses a vunerability DCOM/RPC to spread. It scans for vulnerable systems using random IP address and infects them. The infected systems scans other systems and keep on replicating from every infected machine.

                     The worm copies to Windows system folder as msblast.exe
When the worm file is executed, it modifies the registry run section to load automatically. The registry modification is given below.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"windows auto update"= "msblast.exe" 

                     Lovsan worm will launch a distributed DDos attack on windowsupdate.com server after 15 Aug. 2003. It contains the following string 

I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!

                     Lovesan worm uses security hole to infect. You can find more details about this vulnerability and security patch download details at http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

Remvoing Lovesan from your computer:

                     Fire has incorporated Lovsan worm in its signature file to protect Fire users from this worm attack. Fire anti-virus users can update this signature file by using online update facility. It is available with the registered version of Fire anti-virus Kit.

                     If you are already infected with this worm, download and install security patch from the link http://www.microsoft.com/technet/security/bulletin/MS03-026.asp. Then run Fire anti-virus and choose delete option to remove the worm components. A free utility also available to detect and clean Lovsan worm. Click this link CleanLN.exe to get a copy of Lovsan scanner and remover.

                     A free download of FireLite [ 1100 KB ] version is also available to detect other viruses including Lovesan Worm. Fire anti-virus kit removes Lovsan worm safely. To get the registered version of Fire call us at 044-28170440 or mail to service@fireav.com

[Analysis: Mr. Jacob Kalis, Prognet Technologies Pvt. Ltd, Aug. 2003]

Go to top of the page
.