Aliases: Win32/HLLW.Lovit, WORM_LOVIT.A, Worm/Lovit, Win32:HLL-Lovit, Win32.HLLW.Lovit.A
Variants: Virus.Win32.HLLW.Lovit, Win32.HLLW.Lovit, W32/Lovit.worm, Win32.HLLW.Hurt.24064, W32/Lovit-A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 02 Oct 2002
Damage: Low

Characteristics: According to some antivirus vendors the W32.Lovit malware is primarily considered as inactive because of the limited number of computer systems that still make use of floppy drives. This particular virus has been identified to make use of floppy disk media to be able to spread its codes to other computer systems. Like most viruses it targets mostly executable files stored in the infected computer system by corrupting or replacing them with dangerous codes.

More details about W32.Lovit

The W32.Lovit malware has been identified by some computer security experts to target the executable file of the Windows Help service. This virus replaces the filename of the original executable file and proceeds by replacing it with its own infected version. The W32.Lovit will also create executable copies of its codes into the directory of the operating system. It will likewise create an HLP format file into a subfolder of the directory. The W32.Lovit will scan the computer system to check for the presence of a floppy drive and if a floppy disk is present in the drive. Once a floppy disk is detected it will create an executable copy of itself into drive A using random filenames from a predetermined list.

The W32.Lovit will modify the contents of the Windows initialization file by adding a LOAD command under the Windows section. A new key value will be added into the Windows Registry service that are linked to the executable files of the virus. These routines initiated by the W32.Lovit malware are intended to allow it to run automatically at every boot up or restart instance of the infected computer system. Floppy disks that are infected by the W32.Lovit when used in vulnerable computer systems will automatically launch the infection when accessed by an unsuspecting computer user.