1. Symantec/
  2. Security Response/
  3. W32.Lorsis.Worm


Risk Level 2: Low

July 27, 2003
February 13, 2007 12:03:03 PM
Systems Affected:

W32.Lorsis.Worm is a worm that spreads through the KaZaA file-sharing network. If this worm is executed in February, or from December 6 to 31, it deletes critical system files.

The worm uses several different filenames ending with " .exe" (there are 15 spaces before the .exe extension); see the "Technical Details" section for a complete list.

During execution, the worm repeatedly attempts to copy itself to the A: drive, resulting in noticeable noise from the floppy drive, if one is installed.

W32.Lorsis.Worm is written in Visual Basic and is compressed with Aspack and UPX.

Antivirus Protection Dates

  • Initial Rapid Release version July 28, 2003
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version July 28, 2003
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date July 30, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Heather Shannon

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube