1. Symantec/
  2. Security Response/
  3. W32.HLLW.Torvel.B@mm


Risk Level 2: Low

October 12, 2003
February 13, 2007 12:09:04 PM
Also Known As:
W32.HLLW.Torvil@mm, W32/Torvil@MM [McAfee]
Systems Affected:

W32.HLLW.Torvel.B@mm is a mass-mailing worm that uses the currently available MAPI program or its own SMTP engine to spread itself. The email has the following characteristics:

The subject line is one of the following:
  • congratulations!
  • darling
  • Do not release, its the internal rls!
  • Documents
  • Pr0n!
  • Undeliverable mail--
  • Returned mail--
  • here¦s a nice Picture
  • New Internal Rls...
  • here¦s the document
  • here¦s the document you requested
  • here¦s the archive you requested
  • Your Account at Info@<FakeDomain> has expired.
The attachment can be one of the following:
  • yourwin.bat
  • probsolv.doc.pif
  • flt-xb5.rar.pif
  • document.doc.pif
  • sexinthecity.scr
  • torvil.pif
  • win$hitrulez.pif
  • sexy.jpg
  • flt-ixb23.zip
  • readit.doc.pif
  • document1.doc.pif
  • attachment.zip
  • message.zip
  • Q723523_W9X_WXP_x86_EN.exe

  1. The worm may spoof the "From:" field of the email.
  2. The worm can copy itself to the network shares that have weak passwords.
  3. This worm also attempts to spread itself through the file-sharing networks, such KaZaA and Xolox, as well as ICQ and mIRC.
  4. This threat is written in the Borland Delphi programming language and is compressed with ASPack.

Note: Definitions dated prior to October 16, 2003 may detect this threat as W32.HLLW.Torvil@mm.

Antivirus Protection Dates

  • Initial Rapid Release version October 13, 2003
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version October 13, 2003
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date October 15, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube