Downloader.Lunii

Downloader.Lunii is a Trojan horse program that attempts to download remote files, terminate adware products, and delete files.



Removing entries from the Hosts file
If this threat has modified the Windows Hosts file, you will no longer be able to open any of the sites mentioned in step 6 of the "Technical Details" section. These sites appear to be mostly adult content-related or under construction.

If you need access to these sites, and the entries that are added to the Hosts file are blocking them, you can edit the Hosts file and remove them.



To edit the Hosts file and remove all the entries that the worm added

Note: The location of the Hosts file may vary and some computers may not have this file. For example, if the file exists in Windows 98, it will usually be in C:\Windows; and it is located in the C:\WINNT\system32\drivers\etc folder in Windows 2000. There may also be multiple copies of this file in different locations.


Follow the instructions for your operating system:

• Windows 95/98/Me/NT/2000
  1. Click Start, point to Find or Search, and then click Files or Folders.
  2. Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
  3. In the "Named" or "Search for..." box, type:
     
     hosts
     
     
  4. Click Find Now or Search Now.
  5. For each Hosts file that you find, right-click the file, and then click Open With.
  6. Deselect the "Always use this program to open this program" check box.
  7. Scroll through the list of programs and double-click Notepad.
  8. When the file opens, delete all the entries in step number 6 of the "Technical Details" section.
  9. Close Notepad and save your changes when prompted.
     
     
• Windows XP
  1. Click Start > Search.
  2. Click All files and folders.
  3. In the "All or part of the file name" box, type:
     
     hosts
     
     
  4. Verify that "Look in" is set to "Local Hard Drives" or to (C:).
  5. Click More advanced options.
  6. Check Search system folders.
  7. Check Search subfolders.
  8. Click Search.
  9. Click Find Now or Search Now.
  10. For each Hosts file that you find, right-click the file, and then click Open With.
  11. Deselect the Always use this program to open this program check box.
  12. Scroll through the list of programs and double-click Notepad.
  13. When the file opens, delete all the entries in step number 6 of the "Technical Details" section.
  14. Close Notepad and save your changes when prompted.

Protection

• Initial Rapid Release version October 4, 2004
• Latest Rapid Release version August 20, 2008 revision 017
• Initial Daily Certified version October 4, 2004
• Latest Daily Certified version August 20, 2008 revision 016
• Initial Weekly Certified release date October 6, 2004

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Medium

Distribution

• Distribution Level: Low