Lovesan worm. This worm scans several IP networks (randomly choosen) to get access to port 135 (COM). The worm sends a buffer-overrun request to vulnerable computers. The newly infected machine then initiates the command shell on TCP port 4444. Lovesan runs the thread that opens the connection on port 4444 and waits for FTP 'get' request from the victim machine. The worm then forces the victim machine to sends the 'FTP get' request. Thus the victim machine downloads the worm from the infected machine and runs it. The victim machine is now also infected. Removal: remove it from startup by antivirus (also check How To Remove section)Startup Optimizer.