Sonicwall Signatures


Go to All Categories list.

Lovgate.AD-1 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Lovgate.AD-1 has a file size of 143,360 bytes. Lovgate.AD-1 drops the following files on the hard drive:
  • C:\WINDOWS\SYSTEM32\realsched.exe (143360 bytes)
  • C:\WINDOWS\SYSTEM32\vptray.exe (143360 bytes)
  • C:\WINDOWS\SYSTEM32\hxdef.exe (143360 bytes)
  • C:\WINDOWS\SYSTEM32\RAVMOND.exe (143360 bytes)
It also changes Windows registry:
  • Creates value "WinHelp"="C:\WINDOWS\SYSTEM32\realsched.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
  • Creates value "Hardware Profile"="C:\WINDOWS\SYSTEM32\hxdef.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
Lovgate.AD-1 makes the following additional changes to the infected computer:
  • Modifies profile key "run"="RAVMOND.exe" in section [WINDOWS] of file C:\WINDOWS\win.ini.
It also is executed every time Windows starts.

Relevant Information