W32.HLLW.Lovgate.G@mm

W32.HLLW.Lovgate.G@mm is a minor variant of W32.HLLW.Lovgate.C@mm. This worm contains mass-mailing and backdoor functionalities. This variant does not properly function under Windows 95/98/Me systems.

To spread itself, the worm attempts to reply to incoming email messages and to email addresses that it finds in HTML files. The subject and attachment of the incoming email are chosen from a predefined list. The attachment will have a .exe, .pif, or .scr file extension.

W32.HLLW.Lovgate.G@mm also attempts to copy itself to all the computers on a local network, and then attempts to infect these computers. The worm also has a backdoor Trojan capability.

NOTE: Virus definitions dated March 24, 2003 may detect this threat as W32.HLLW.Lovgate.C@mm.

Symantec Security Response has created a tool to remove W32.HLLW.Lovgate.G@mm. Click here to obtain the tool.

Protection

• Initial Rapid Release version March 25, 2003
• Latest Rapid Release version February 9, 2010 revision 033
• Initial Daily Certified version March 25, 2003
• Latest Daily Certified version February 8, 2010 revision 038
• Initial Weekly Certified release date March 25, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Medium
• Number of Infections: 50 - 999
• Number of Sites: More than 10
• Geographical Distribution: Medium
• Threat Containment: Easy
• Removal: Difficult

Damage

• Damage Level: Medium

Distribution

• Distribution Level: High