PE_LOVGATE.J

PE_LOVGATE.J is a file-infecting virus that propagates via shared network drives and email. It runs on Windows NT, 2000, and XP systems.

To spread through network shares, it searches for shared folders with read/write access in the same network and drops copies of itself into these folders using the following file names:

* 100 free essays school.pif
* Age of empires 2 crack.exe
* AN-YOU-SUCK-IT.txt.pif
* Are you looking for Love.doc.exe
* autoexec.bat
* CloneCD + crack.exe
* How To Hack Websites.exe
* Mafia Trainer!!!.exe
* MoviezChannelsInstaler.exe
* MSN Password Hacker and Stealer.exe
* Panda Titanium Crack.zip.exe
* Sex_For_You_Life.JPG.pif
* SIMS FullDownloader.zip.exe
* Star Wars II Movie Full Downloader.exe
* The world of lovers.txt.exe
* Winrar + crack.exe

It propagates via email using Microsoft Outlook and Outlook Express by replying to all new messages with the following:

From: <Infected User's Name>
To: <Original Sender>
Subject: RE: <Original Subject>
Message Body:
'''<Infected User's Name>' wrote:
====
><Original Body> >
====

YAHOO.COM Mail auto-reply:

If you can keep your head when all about you
Are losing theirs and blaming it on you;
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or, being lied about,don't deal in lies,
Or, being hated, don't give way to hating,
And yet don't look too good, nor talk too wise;
... ... more look to the attachment.
> Get your FREE <Original Sender's SMTP account> account now! <

Attachment: (Randomly selected from any of the following

• 
  I am For u.doc.exe"
  Britney spears nude.exe.txt.exe
  joke.pif
  DSL Modem Uncapper.rar.exe
  Industry Giant II.exe
  StarWars2 - CloneAttack.rm.scr
  dreamweaver MX (crack).exe
  Shakira.zip.exe
  SETUP.EXE
  Macromedia Flash.scr
  How to Crack all gamez.exe
  Me_nude.AVI.pif
  s3msong.MP3.pif
  Deutsch BloodPatch!.exe
  Sex in Office.rm.scr
  the hardcore game-.pif

This malware also gathers target email addresses from HTML files that it finds in the current folder and Windows folders, and a specific registry key, and sends an email message with itself as an attachment to these email addresses. This email message is randomly generated, using one of several possible subject lines, message bodies, and attachments.

This malware also has backdoor capabilities that allow remote users to access the infected system. It opens specific ports and immediately sends an email notifying a remote user that the infected machine is online and accessible.

If you would like to scan your computer for PE_LOVGATE.J or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com

PE_LOVGATE.J is detected and cleaned by Trend Micro pattern file #534 and above.