| Lovgate.AH is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Lovgate.AH is compressed using the executable packer and its file size is 152,576 bytes. Lovgate.AH drops the following files on the hard drive: |
It also changes Windows registry:
- C:\WINDOWS\system32\TkBellExe.exe (152576 bytes)
- C:\WINDOWS\system32\Update_OB.exe (152576 bytes)
- C:\WINDOWS\system32\hxdef.exe (152576 bytes)
- C:\WINDOWS\system32\RAVMOND.exe (152576 bytes)
Lovgate.AH makes the following additional changes to the infected computer:
- Creates value "WinHelp"="C:\WINDOWS\system32\TkBellExe.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
- Creates value "Hardware Profile"="C:\WINDOWS\system32\hxdef.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
- Modifies profile key "run"="RAVMOND.exe" in section [WINDOWS] of file C:\WINDOWS\win.ini.