Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


LORRAINE.EXE PROCESS INFORMATION

Process Name  : Lorraine.exe

Process Path : %SYSTEM%\Lorraine.exe [ C:\Windows\system32\Lorraine.exe ]

Process type    : Internet Worm

Malware Name : W32.Mapson@mm

Alias             : I-Worm.Mapson, W32/Mapson-A, WORM_MAPSON.A, W32/Mapson.Worm, W32/Lorraine

Threat level : Low

Process Details

                     Lorraine.exe is the main component dropped by Mapson. It is an e-mail and file sharing network worm. It collects e-mail addresses stored in MSN contact list to distribute infected messages. Mapson worm uses random message subject and message body given in the worm body. The worm uses its own SMTP engine to send infected mails.

                     When the worm file is executed, it copies itself to Windows system folder with multiples file names as given below. The worm also uses this dropped copy as e-mail attachments.

Lorraine.exe
amigos.pif
amigototote.pif
amor-por-ti.pif
antiwinlogon.pif
antrox.scr
BigBrother.pif 
bugmsn.pif
chistesgraficos.pif
chupamelo.pif
comotegustan.pif
CracksPPZ.pif
cristina-aguilera.pif
defaced-madonna-site.pif
eggbrother.exe
EICAX.COM
existeee.pif
financiamiento.pif
GEDZAC.PIF
grancarnal.exe
grande.pif
hackeahotmail.pif
historial.pif
hotmail.pif
kamasutra.pif
lacosha@hotmail.com
LatinCard.pif
linuxandmicrosoft.pif
Lorenaaaa.pif
Madonna_sEXY.pif
MariaVirgen.pif
Matrix-Trailer.pif
mujeres.pif
Musica.pif
No-Spam.exe
nuevovirus.txt .pif
Oradores.pif
osamabinhuevoback.exe
parejaideal.txt.pif
petardas.pif
porqueteamo.pif
projimo.pif
relacionsexual.pif
resetarios.pif
SARS.pif
seguridad_en_hotmail.pif
serhacker.pif
Shakira.pif
solo-a-ti.pif
Spamno.pif
teamo.exe
te-pido.scr
test-idiota.pif
testpasion.pif
thalialoca.pif
TutorialVBSvirus.pif
WindowsMediaPlayerBug.pif
www.mfernanda.com
www.vsantiviru.com
www.zonaviru.com
zorrotttas.pif 

                     Mapson modifies registry run section to load automatically on the next startup. The registry modification is given below.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Lorraine"= C:\%System%\Lorraine.exe 

                     If the current month is July, Mapson worm displays two message boxes about the worm. If the current date is 4th, the worm displays the details from the dropped file C:\lorraine.hta. This HTML formatted file contains the virus author website, author and worm details. This worm is appeared on the beginning of Jun 2003.

How can I protect my system?

                   Solo has incorporated Lorraine.exe in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this worm?

                   If you are already infected with Lorraine.exe, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove W32.Mapson@mm worm safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VBS, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link