W32/Lavehn-A

Discussion in 'malware problems & news' started by FanJ, Jul 24, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/Lavehn-A
    Type: Win32 worm
    Date: 24 July 2002


    At the time of writing Sophos has received no reports from users
    affected by this worm. However, we have issued this advisory
    following enquiries to our support department from customers.

    Description
    W32/Lavehn-A is an email worm which copies itself to
    C:\windows\system\uhneval.exe and creates the following registry entries:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UHN32 =
    C:\windows\system\uhneval.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\UHN32 = C:\windows\system\uhneval.exe

    The worm will search the hard disk and delete files with the following extensions:

    XLS
    DOC
    MDB
    MP3
    RPT
    DWG

    W32/Lavehn-A will email itself to contacts found in the Outlook address book. The emails will have the following characteristics:

    Subject line: ADMISION 2003
    Message body: PROSPECTO DE ADMISION 2003
    Attached file: unheval1.exe


    More information about W32/Lavehn-A can be found at
    http://www.sophos.com/virusinfo/analyses/w32lavehna.html
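
A defensive check built from the indicators in the advisory above, as an added example that is not part of the original post or of the Sophos advisory: it scans a registry export (REGEDIT4 text, where HKLM is written as HKEY_LOCAL_MACHINE) for the two autostart entries. The function names and the sample export are constructed for illustration.

```python
import re

# Indicators taken from the advisory text above.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
VALUE_NAME = "uhn32"
DROPPED_FILE = r"c:\windows\system\uhneval.exe"
# A quoted name and quoted string data, allowing backslash escapes inside.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    """Return (key, value name, data) for autostart entries matching the advisory."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: remember the current key
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue
        name, data = _unescape(m.group(1)), _unescape(m.group(2))
        # Match on the value name or on the dropped file path, so a renamed
        # value that still points at the file is reported too.
        if name.lower() == VALUE_NAME or data.strip('"').lower() == DROPPED_FILE:
            hits.append((key, name, data))
    return hits

# Constructed sample export (REGEDIT4 format); not taken from a real machine.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"UHN32"="C:\\windows\\system\\uhneval.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"UHN32"="C:\\WINDOWS\\SYSTEM\\UHNEVAL.EXE"

[HKEY_CURRENT_USER\Software\Example]
"UHN32"="unrelated"
'''
```

Comparison is case-insensitive because registry key names, value names and Windows paths are; the same value name under an unrelated key is ignored.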
     