
W32.HLLW.Lovgate Removal Tool

Discovered: July 9, 2004
Updated: January 18, 2006 03:05:31 PM ZE9
Type: Removal Information

SUMMARY



What the tool does

Version 1.1.9.6 of the W32.HLLW.Lovgate@mm Removal Tool is now available for downloading. This tool will remove the following threats, as well as their side effects:

W32.HLLW.Lovgate@mm
W32.HLLW.Lovgate.B@mm
W32.HLLW.Lovgate.C@mm
W32.HLLW.Lovgate.D@mm
W32.HLLW.Lovgate.E@mm
W32.HLLW.Lovgate.F@mm
W32.HLLW.Lovgate.G@mm
W32.HLLW.Lovgate.H@mm
W32.HLLW.Lovgate.I@mm
W32.HLLW.Lovgate.J@mm
W32.HLLW.Lovgate.K@mm
W32.HLLW.Lovgate.L@mm
W32.Lovgate.R@mm
W32.Lovgate.W@mm
W32.Lovgate.X@mm
W32.Lovgate.Y@mm
W32.Lovgate.Z@mm
W32.Lovgate.AD@mm
W32.Lovgate.AO@mm

The removal tool:
  1. Determines whether the computer is infected with any of the aforementioned variants of W32.HLLW.Lovgate@mm.
  2. Locates and removes all the files that comprise the worm.
  3. Locates and removes the following values from the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:

    syshelp
    WinGate initialize
    Module Call initialize


    Some variants may also create the following registry key values under the same key, which the removal tool will also delete:

    winhelp
    Remote Procedure Call Locator
    Program in Windows

  4. Removes the following registry keys:

    HKEY_LOCAL_MACHINE\Software\KittyXP.sql\Install
    HKEY_LOCAL_MACHINE\Software\KittyXP.sql
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dll_reg
    HKEY_CLASSES_ROOT\txtfile\shell\open\command



    NOTE: The worm overwrites any user-defined value that the key previously contained. Therefore, once the computer has been infected, it is not possible to retrieve the information contained in these keys.

  5. Locates the registry key:

    HKEY_LOCAL_MACHINE\Software\classes\txtfile\shell\open\command

    and changes the (Default) value from:

    winrpc.exe %1

    or:

    Update_OB.exe %1

    to:

    notepad.exe %1

  6. Locates the registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

    and removes the value:

    run RAVMOND.EXE
  7. Stops and deletes the following services:

    Window Remote Service
    Microsoft NetWork Services FireWall
    Windows Management Instrumentation Driver Extension
    NetMeeting Remote Desktop (RPC) Sharing
  8. Finds the viral thread running under the Local Security Authority Service (lsass.exe), which is a legitimate Windows process that the worm uses when it infects a system, and then stops the thread from running.
  9. Removes all the files that the worm installed on the system.
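
A read-only way to check a host for the registry and service artifacts listed in steps 3 to 7, as an added PowerShell example that is not part of the original advisory or of the removal tool. The function name is hypothetical, and matching the step 7 names against both the service name and the display name is an assumption, since the page does not say which one it lists.

```powershell
# Added example: read-only audit for the Lovgate artifacts named in steps 3-7.
# Nothing is changed on the host; each hit is returned as an object.
function Get-LovgateArtifact {
    $hits = @()
    # Step 3: value names under the machine-wide Run key.
    $runNames = 'syshelp', 'WinGate initialize', 'Module Call initialize',
                'winhelp', 'Remote Procedure Call Locator', 'Program in Windows'
    $run = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    foreach ($n in $runNames) {
        if ($run -and ($run.PSObject.Properties.Name -contains $n)) {
            $hits += [pscustomobject]@{ Check = 'Run value'; Item = $n; Data = $run.$n }
        }
    }
    # Step 4: keys the worm creates (the Install subkey sits under KittyXP.sql).
    foreach ($k in 'HKLM:\Software\KittyXP.sql', 'HKLM:\SYSTEM\CurrentControlSet\Services\dll_reg') {
        if (Test-Path -Path $k) {
            $hits += [pscustomobject]@{ Check = 'Registry key'; Item = $k; Data = '' }
        }
    }
    # Step 5: .txt open handler redirected to the worm instead of notepad.exe.
    $cmd = (Get-ItemProperty -Path 'HKLM:\Software\Classes\txtfile\shell\open\command' -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -match '(winrpc|Update_OB)\.exe') {
        $hits += [pscustomobject]@{ Check = 'txtfile handler'; Item = '(Default)'; Data = $cmd }
    }
    # Step 6: per-user "run" value that launches RAVMOND.EXE.
    $userRun = (Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows' -ErrorAction SilentlyContinue).run
    if ($userRun -match 'RAVMOND\.EXE') {
        $hits += [pscustomobject]@{ Check = 'HKCU run value'; Item = 'run'; Data = $userRun }
    }
    # Step 7: services; matching both Name and DisplayName is an assumption,
    # since the page does not say which of the two it lists.
    $svcNames = 'Window Remote Service', 'Microsoft NetWork Services FireWall',
                'Windows Management Instrumentation Driver Extension',
                'NetMeeting Remote Desktop (RPC) Sharing'
    foreach ($s in Get-Service) {
        if (($svcNames -contains $s.Name) -or ($svcNames -contains $s.DisplayName)) {
            $hits += [pscustomobject]@{ Check = 'Service'; Item = $s.DisplayName; Data = $s.Status }
        }
    }
    return $hits
}

$found = @(Get-LovgateArtifact)
if ($found.Count -eq 0) { 'No listed Lovgate artifacts found.' } else { $found | Format-Table -AutoSize }
```

The script needs PowerShell 3.0 or later and covers only the registry and service indicators; it does not look for the worm's files or the thread running under lsass.exe.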

Command-line switches available with this tool


Switch              Description
/HELP, /H, /?       Displays the help message.
/SILENT, /S         Enables silent mode.
/LOG=[PATH NAME]    Creates a log file where [PATH NAME] is the location in which to store the output of the tool. By default, this switch creates the log file, FixLG.log, in the same folder from which the removal tool was executed.

Obtaining and running the tool

NOTE: You must have administrative rights to run this tool on Windows NT 4/2000/XP.
  1. Download the FixLG.com file from: http://securityresponse.symantec.com/avcenter/FixLG.com.
  2. Save the file to a convenient location, such as your download folder, the Windows desktop, or removable media that is known to be uninfected, if possible.
  3. To check the authenticity of the digital signature, refer to the Digital signature section.
  4. Close all the programs before running the tool.
  5. Double-click the FixLG.com file to start the removal tool.
  6. Click Start to begin the process, and then allow the tool to run.
  7. Restart the computer.
  8. Run the removal tool again to ensure that the system is clean.
  9. Run LiveUpdate to make sure that you are using the most current virus definitions.

Digital signature

FixLG.com is digitally signed. Symantec recommends that you use only copies of FixLG.com downloaded from the Symantec Security Response Web site. To check the authenticity of the digital signature, follow these steps:
  1. Go to http://www.wmsoftware.com/free.htm.
  2. Download and save the Chktrust.exe file to the same folder in which you saved FixLG.com (for example, C:\Downloads).
  3. Depending on your operating system, do one of the following:
    • Click Start, point to Programs, and then click MS-DOS Prompt.
    • Click Start, point to Programs, click Accessories, and then click Command Prompt.
  4. Change to the folder in which FixLG.com and Chktrust.exe are stored, and then type:

    chktrust -i FixLG.com

    For example, if you saved the file in the C:\Downloads folder, you would enter the following commands (pressing Enter after typing each command):

    cd\
    cd downloads
    chktrust -i FixLG.com


    If the digital signature is valid, you will see the following:

    Do you want to install and run "W32.HLLW.Lovgate Removal Tool" signed on 8/26/2004 8:57 AM and distributed by Symantec Corporation?

    NOTES:
      • The date and time that appear in this dialog box will be adjusted to your time zone if your computer is not set to the Pacific time zone.
      • If you are using Daylight Saving Time, the time that appears will be exactly one hour earlier.
      • If this dialog box does not appear, there are two possible reasons:
        • The tool is not from Symantec: Unless you are sure that the tool is legitimate and that you downloaded it from the legitimate Symantec Web site, you should not run it.
        • The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec. For information on this and on how to view the confirmation dialog again, read the document, "How to restore the Publisher Authenticity confirmation dialog box."

  5. Click Yes to close the dialog box.
  6. Type exit, and then press Enter. (This will close the MS-DOS session.)

Running the tool from a floppy disk
  1. Insert the floppy disk, which contains the FixLG.com file, in the floppy disk drive.

  2. Click Start, and then click Run.

  3. Type the following:

    a:\FixLG.com

    and then click OK.

    NOTE: There are no spaces in the command, a:\FixLG.com.

  4. Click Start to begin the process, and then allow the tool to run.

  5. If you are running Windows Me, re-enable System Restore.


