Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Help Needed

We have recently been infected with the w32/lovegate virus. It appears that we have gotten rid of the virus, however since it has come along we have had our users getting kicked off the network 4 or more times per day. It is only happening to users that go through our cisco wireless AP's, no one else is being affected at all. Could the virus have gotten into the firmware or corrupted something else? One of the effects of the virus is increased network traffic, however it is not destructive it is just a bigtime nuisance.

Any assistance would be greatly appreciated.

Thank you

Community Member

Re: Help Needed

The following suggests that the virus can only infect

Windows NT, Windows 2000, Windows XP.

I think its unlikly to infect the Cisco Ap firmware.

I would assume that there is still a computer affected with the virus on your network. Try using a sniffer to trace the packets.


W32.HLLW.Lovgate.H@mm is a variant of W32.HLLW.Lovgate@mm. This variant is also a mass-mailing worm that attempts to email itself to all the email addresses it finds in the files whose extensions start with "ht." The subject and attachment of the incoming email are chosen from a predetermined list.

This worm also attempts to copy itself to all the computers on a local network, and then infect these computers. The worm also has Backdoor Trojan capabilities. By default, the Trojan component listens on ports 10168.

If the infected computer runs Windows NT, 2000, or XP, the worm will attempt to disguise itself as the normal Windows process, "LSASS.EXE."

This threat is written in the C++ programming language and is compressed with ASPack.

CreatePlease to create content