PDA

View Full Version : Lovsan.E worm - How do I disenfect.



mejobloggs
25-03-2004, 09:22 PM
Not having experience with getting rid of viruses I thought I would ask you people.

Lovsan.E worm Please tell me what to do.

Also, how to protect from further infection from it?

Thanks

mejobloggs
25-03-2004, 09:25 PM
Hup. Sorry, I just deleted it with NOD32. It said it could not clean the virus, so I thought that meant it couldnt do anything. I just noticed it had delete :-)

mejobloggs
28-03-2004, 04:59 PM
Well, it just popped up again in another file. I think maybe it is spreading?

whiskeytangofoxtrot
28-03-2004, 05:05 PM
Woah... the Blaster virus... old school :-)

You need to get a patch from MS to prevent becoming reinfected over and over again.

Then you'll need a virus removal tool or similar to get rid of it.

This Symantec Page (http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html) has all the info you need including a removal tool and links to the MS patches for W2K or WXP (only affected OS's).

stu140103
28-03-2004, 05:06 PM
I am guessing you are using win xp?

If so disable System Restore (Note: you will loss all your System Restore points) then that will help with removing it.

stu140103
28-03-2004, 05:13 PM
> Woah... the Blaster virus... old school :-)

I donít think so....

This is what Blaster is called:

W32/Lovsan.worm.a [McAfee], Win32.Poza.A [CA], Lovsan [F-Secure], WORM_MSBLAST.A [Trend], W32/Blaster-A [Sophos], W32/Blaster [Panda], Worm.Win32.Lovesan [KAV] source: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

There is northing there that says: Lovsan.E

mejobloggs: are you shore you got the name right?

whiskeytangofoxtrot
28-03-2004, 05:40 PM
> I donít think so....
>

I do...

Lovsan.E is the same as Blaster.E it's just another variant of Blaster.

The Symantec Removal tool linked off the page above removes Blaster A through F so will get rid of the Blaster.E (Lovsan.E) virus.

All variants of Blaster (Lovsan) infect through the same port, so you definitely need the MS patch and the removal tool.

Symantec's Blaster E Page (http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.e.worm.html)

Removal Tool Direct Download (http://securityresponse.symantec.com/avcenter/FixBlast.exe[/url)

Symantec Security Response has developed a removal tool to clean the infections of W32.Blaster.E.Worm.

Also Known As: W32/Blaster-E [Sophos], W32/Lovsan.worm.e [McAfee], Worm.Win32.Lovesan [KAV]

whiskeytangofoxtrot
28-03-2004, 05:53 PM
Download page for W2K Patch (http://www.microsoft.com/downloads/details.aspx?FamilyId=F4F66D56-E7CE-44C3-8B94-817EA8485DD1&displaylang=en)

Download page for WXP Patch (http://www.microsoft.com/downloads/details.aspx?FamilyId=5FA055AE-A1BA-4D4A-B424-95D32CFC8CBA&displaylang=en)

Dunno how well those link's will work - give em a try.

whiskeytangofoxtrot
28-03-2004, 05:58 PM
Removal Tool Direct Download (http://securityresponse.symantec.com/avcenter/FixBlast.exe)

Seems something funky happened to the url the first time - will try that one again.

mejobloggs
29-03-2004, 06:18 PM
Sweet, thanks guys. All sorted now.