Hi guys! I suck in computers but I use it
for school, mail and stuff but maybe some
of u guys could help me out on this:

I've never had a virus before but yesterday
my AVG Antivirus told me that I had
toolber.d AND lovsan.a!! :( It did
succesfully remove them though and Im happy
for that, but three questions come up my
mind:

1) How did I get infected?? I am 100% sure
that I did not open any e-mail
attatchements, I have however gotten loads
and loads of spam but I have just deleted
them as they have arrived.. can you get
this toolber.d and lovsan.a just by surfing
around?? The thing is that I have a modem
connection, so I'm not online many hours at
the time.. could anyone explain this to
me??

2) What harm could these two viruses have
done?? The only problem I have experienced
(I think this could be the work of the
viruses, but I don't know, is this caused
by the viruses??) is that on startup a
folder opens automatically and on shutdown
I get a dialogue box with End
Program..Shutting down Explorer.exe and
then a message saying that it cannot close
Explorer and do I want to shutdown or
retry.

3) The folder still opens automatically at
startup and on shutdown I still get the
dialogue box when I try to shut down my
comp. Does this mean that the viruses are
still there even if AVG told me it removed
them??

If anyone could help a girl in need ;) with
answers to these 3 questions I would be
SOOOOOOOOOOOO GRATEFUL!!! :)

/Sandra

From http://ve.nod32.ch/worms/lovsan.php

"Due to the nature of the exploited vulnerability, the worm may infect an unprotected system without any intervention of a user. Win32/Lovsan.A is not a mass mailing worm."

This bug scans pc's that are connected to the internet looking for XP systems without the patch. When it finds one, it installs itself. It can do this because of the nature of this particular MS security hole.

What harm? It has already cost companies thousands of dollars because their servers are swamped with scans from infected machines. It could allow someone complete control of your system. It could cause continual crashes.

efabes is right. if you're unprotected, just being connected can infect you. lovsan is the MSblaster virus. the name comes from some text content in the header of the worm that is thought to be a salutation. (love sandy?)

thes routines are invaluable today:
AdAware
SpyBot
HijackThis

When you run these be careful what you delete. 1 rule of thumb, if you find something that has an uninstall listing in Add/Remove programs, remove them that way. these routines are ruthless in their pursuit of nasties and you could crash your system if you remove the wrong things. be very mindful of registry changes.

and when you have a clean bill of health load this:

Kerio

A firewall is only as good as the rules you create. If it gets in your face out of the blue (something you know you didn't innitiate) be VERY suspicious.