Discussion in 'malware problems & news' started by Randy_Bell, Dec 10, 2002.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA

    Lolol is a worm virus spreading via the Kazaa file sharing network.

    The worm has a powerful backdoor routine which connects to an IRC channel where it accepts commands from its "master" (person controlling the worm).

    The worm itself is a Windows PE EXE file about 60KB in length and written in Microsoft Visual C++.

    When the infected file is run an installation routine.


    While installing the worm copies itself to the Windows system directory under the name "syscfg32.exe" and registers this file in two system registry auto-run keys:

    Configuration Loader = syscfg32.exe

    Configuration Loader = syscfg32.exe


    The "Lolol" worm copies itself to the following directories:

    C:\program files\kazaa\my shared folder\
    C:\program files\kazaa lite\my shared folder
    C:\My Downloads\

    Following are names "Lolol" copies itself under:

    play station emulator crack.exe
    play station emulator.exe
    warcraft 3 serials.pif
    warcraft 3 crack.exe
    100 free essays school.pif
    aol password cracker.exe
    aim password cracker
    aol cracker.exe
    aim cracker.exe
    steal usernames.exe
    how to hack.exe
    divx pro.exe
    how to use a shell.pif
    Virtua Girl (Full).exe
    GTA 3 Serial.exe
    GTA 3 Crack.exe
    virtua girl - adriana.pif
    virtua girl - bailey short skirt.pif

    ...e.t.c. (there is a total of about 80 different names).
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.