1. Symantec/
  2. Security Response/
  3. W32.HLLW.Lavits


Risk Level 1: Very Low

June 4, 2003
February 13, 2007 12:02:01 PM
Also Known As:
Systems Affected:

W32.HLLW.Lavits is a worm that attempts to spread across the KaZaA file-sharing network. This worm also uses Microsoft Outlook to send email to all the contacts in the Microsoft Outlook Address Book. When W32.HLLW.Lavits is run, it will display a fake message with the message title "Application Error."

The email does not have an attachment. The email messages have the following characteristics:

Subject: Where are you?
Message Body:
Where are you?,I enjoy speaking with you :)
Simdi icinden buda kim diyorsundur :)

W32.HLLW.Lavits is written in Visual Basic (VB) and is packed with UPX.

NOTE: Definitions dated prior to June 6, 2003 may detect this threat as W32.HLLW.Xolox@mm.

Security Response could not successfully reproduce the mass-mailing routine in a controlled laboratory environment. The worm did not attach itself to any outgoing emails.

Antivirus Protection Dates

  • Initial Rapid Release version June 5, 2003
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version June 5, 2003
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date June 5, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Scott Gettis

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube