W32/Lolol.E
Analysis
- Virus is 32bit, with a UPX compressed size of 17,440
bytes
- Virus may attempt to copy itself to the local system
if specific folders for file sharing application Kazaa
exists – the virus uses the following folders
and copies the files mentioned below into them
C:\My Downloads\
c:\program files\kazaa lite\my shared folder\
c:\program files\kazaa\my shared folder\
how to use a shell.pif
Virtua Girl (Full).exe
worldbook.exe
HotGirls.exe
Virtua Sex.exe
fuck.exe
GTA 3 Serial.exe
GTA 3 Crack.exe
gta3.exe
driver.exe
virtua girl - completely nude.pif
virtua girl - bailey short skirt.pif
virtua girl - adriana.pif
virtua girl - ALL.pif
virtua girl - bunny.pif
virtua girl - Rebecca.pif
virtua girl - jenn.pif
virtua girl - courtney.pif
virtua girl - mandy.pif
virtua girl - hells angels.pif
virtua girl - business woman.pif
virtua girl - judith.pif
virtua girl - wet and wild.pif
virtua girl - vera.pif
virtua girl - tennis girl.pif
virtua girl - victoria.pif
virtua girl - nikki.pif
virtua girl - chole.pif
virtua girl - melina black pepper.pif
virtua girl - jammie williams.pif
virtua girl - nikki taylor.pif
virtual girl - completely nude.pif
virtual girl - bailey short skirt.pif
virtual girl - adriana.pif
virtual girl - ALL.pif
virtual girl - bunny.pif
virtual girl - Rebecca.pif
virtual girl - jenn.pif
virtual girl - courtney.pif
virtual girl - mandy.pif
virtual girl - hells angels.pif
virtual girl - business woman.pif
virtual girl - judith.pif
virtual girl - wet and wild.pif
virtual girl - vera.pif
virtual girl - tennis girl.pif
virtual girl - victoria.pif
virtual girl - nikki.pif
virtual girl - chole.pif
virtual girl - melina black pepper.pif
virtual girl - jammie williams.pif
virtual girl - nikki taylor.pif
winxp.iso.pif
super mario brothers.exe
super mario bros.exe
ut 2k3.pif
ut 2k3.exe
anarchist cookbook.pif
NBA 2003 serials.epif <= typo by virus author
NBA 2003 Crack.exe
NBA 2003.exe
play station emulator crack.exe
play station emulator.exe
warcraft 3 serials.pif
warcraft 3 crack.exe
100 free essays school.pif
aol password cracker.exe
aim password cracker. <= typo by virus author
aol cracker.exe
aim cracker.exe
steal usernames.exe
how to hack.exe
divx pro.exe
fireworks.exe
fireworks serial.pif
fireworks crack.exe
porn screen saver.scr
supra screen saver.scr
hondra screen saver.scr
pamela anderson screen saver.scr
age of empires 2 cheats.exe
age of empires 2.exe
age of empires 2 help.exe
age of empires 2 serial.pif
age of empires 2 serials.pif
age of empires 2 keygen.exe
age of empires 2 crack.exe
hotmail hack.exe
- Using system DLL files, the virus may check to
see if the computer is connected to the Internet by
identifying the connected state and then send a broadcast
message across the Internet that the system is vulnerable
- Virus may copy itself into the Windows\System folder
and then modify the system registry in order to load
at Windows startup –
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
Configuration Loader = winsys.exeHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
Configuration Loader = winsys.exe -
Virus may attempt to bind a TCP port and act as a remote access Trojan