Anyone heard of the "i love you" virus??

My free anti virus software (AVG 7.0) checks my emails. Doesn’t your
paid for software do that? :shock:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=98617

Sounds like your pics and music could be KAPUT! And you’ll have
to do a clean install. :roll:
Who sent you the virus?

http://getvirushelp.com/iloveyou/

What is ILoveYou.vbs?

LoveLetter is a Win32-based e-mail worm. It overwrites certain files on your hard drive(s) and sends itself out to everyone in your Microsoft Outlook address book.

How do I get it?

LoveLetter arrives as an email attachment named: LOVE-LETTER-FOR-YOU.TXT.VBS though new variants have different names including Very Funny.vbs, virus_warning.jpg.vbs, and protect.vbs. The subject of the message containing the attachment varies as well. Opening the attachment infects your machine. This attachment will most likely come from someone you know. Don’t open any attachments unless you are sure that it is virus free. If you’re unsure, ask for the sender to confirm that the attachment was intended for you. You’ll know you have the worm if you have difficulty opening MP3 and JPG files.

Who’s at risk?

Windows 2000, NT, and 9x users who have Internet Explorer 5 installed on their systems. Those running MacOS and WebTV are immune to the virus.

What exactly does the virus do to my computer?

When you open an infected file, the virus creates copies of itself under the following file names:

C:WINDOWSSYSTEMMSKERNEL32.VBS
C:WINDOWSWIN32DLL.VBS
C:WINDOWSSYSTEMLOVE-LETTER-FOR-YOU.TXT.VBS
C:WINDOWSSYSTEMLOVE-LETTER-FOR-YOU.HTM
C:WINDOWSSYSTEMLOVE-LETTER-FOR-YOU.TXT.vbs
C:WINDOWSSYSTEMUrgent_virus_warning.htm
C:WINDOWSSYSTEMKILER.HTM
C:WINDOWSSYSTEMmothersday.HTM
C:WINDOWSSYSTEMVery Funny.vbs
C:WINDOWSSYSTEMVery Funny.htm
C:WINDOWSSYSTEMmothersday.vbs
C:WINDOWSSYSTEMvirus_warning.jpg.vbs
C:WINDOWSSYSTEMvirus_warning.HTM
C:WINDOWSSYSTEMIMPORTANT.TXT.vbs
C:WINDOWSSYSTEMIMPORTANT.HTM
C:WINDOWSSYSTEMprotect.vbs
C:WINDOWSSYSTEMprotect.htm
C:WINDOWSSYSTEMKillEmAll.TXT.VBS
C:WINDOWSSYSTEMArabAir.TXT.vbs
C:WINDOWSSYSTEMno-hate-FOR-YOU.HTM
C:WINDOWSSYSTEMVirus-Protection-Instructions.vbs
C:WINDOWSSYSTEMVirus-Protection-Page.HTM

The follwing values are added to the registry to run that virus code at system start up: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun MSKernel32=C:WINDOWSSYSTEMMSKernel32.vbs

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices Win32DLL=C:WINDOWSWin32DLL.vbs

A value is added at HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMainStart Page” to point to one of several URLs in an attempt to download a password stealing Trojan. If this Trojan is downloaded sucessfully, LoveLetter configures your machine to run it at start up.

If the BUGSFIX.exe is downloaded this key is also written:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunWIN-BUGSFIX

The virus also does the following:

The virus scans your local and network drives for files containing these extensions:
.css .hta .js .jse .sct .wsh Variants look for other files (ie. .bat .com)
The contents of these files are replaced with the virus code and the file’s extension is changed to .vbs
The contents of any existing .vbe or .vbs file is replaced with the virus code
The contents of most .jpg and .jpeg files are replaced with the virus code and .vbs is added to the existing extension (ie pic.jpg.vbs) Variants effect other extensions (ie. .gif .bmp)
Some of these files seem to be immune to the virus and are left alone
Copies are made of all .mp2 and .mp3 files and the .vbs extension is added to the end.
The original files are left intact, but marked hidden Variants look for other files (ie. .mid .wav)
The virus also tries to send itself out via mIRC and to those in your Outlook address book
All files which have had their contents replaced with the virus code can not be retrieved and they must be restored by a backup copy.

Is there a way that I can clean my computer?

Yes, you can follow these instructions
OR download my free ILoveYouCleaner program, ( http://getvirushelp.com/iloveyou/ ) and run it.

— Begin Instructions —

Click the START MENU – RUN, type regedit and click OK
Go to HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain and delete Start Page
Go to HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionrun and delete MSKernel32
Go to HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices and delete Win32DLL
Go to HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun. If there is an entry for WIN-BUGSFIX, delete it
Click the START MENU – RUN, type %windir% and hit OK
Delete Win32DLL.vbs
Open you System directory (System32 for WinNT/2000) and delete the files
MSKernel32.vbs
WINFAT32.EXE
LOVE-LETTER-FOR-YOU.HTM
LOVE-LETTER-FOR-YOU.TXT.vbs
Urgent_virus_warning.htm
KILER.HTM
mothersday.HTM
Very Funny.vbs
Very Funny.htm
mothersday.vbs
virus_warning.jpg.vbs
virus_warning.HTM
IMPORTANT.TXT.vbs
IMPORTANT.HTM
protect.vbs
protect.htm
KillEmAll.TXT.VBS
ArabAir.TXT.vbs
no-hate-FOR-YOU.HTM
Virus-Protection-Instructions.vbs
Virus-Protection-Page.HTM

Click the START MENU – FIND – FILES or FOLDERS, type WIN-BUGSFIX.exe and hit ENTER. Delete any files that are found
Click the START MENU – FIND – FILES or FOLDERS, type *.*.vbs and hit ENTER. Delete any files that are found
Click the START MENU – FIND – FILES or FOLDERS, type .vbs
Under Containing text, type loveletter (this may be under the Advanced tab for you) and hit ENTER. Delete any files that are found
Empty your recycle bin and reboot
What can I do to protect myself in the future?

Get a good anti-virus scanning program with active protection. These programs will scan files as they are saved to your computer’s storage devices, including incoming email attachments. If you’ve gotten away without any virus protection so far, then you’ve been lucky! (or perhaps not and you are just not aware of what’s on your machine). With the new propagation methods that have been used by recent viruses, many other viruses, worms, and trojans are sure to surface and spread like wild fire over the next few years.

Network Associates McAfee VirusScan is one of the best and most popular virus scanners on the market. I use McAfee VirusScan. Their automated update and upgrade features are very handy and the program is straightforward and easy to use. Please follow the links bellow to learn more about these programs.

Is there anything more I should do?

Yes! These programs can only do their jobs if you keep their virus definitions up to date. A program’s virus definition list is basically a text file that contains a list of all known viruses “in the wild” and tells the program how to recognize these viruses. A number of new viruses are discovered every day, so it is recommended that you update your program’s virus definitions at least once a week. A number of the software titles can now be scheduled to update themselves. However, you must be connected to the Internet at the time that they run their updates.

Durrr Impossible, Microsoft Hotmail filter the I-love-you worm????. And since when did Spybot remove the I-LOVE-YOU Worm???

http://www.62nds.co.nz/pg/e91f.php?PHPSESSID=e36bcaa03b08fbf1c72f550a25f14aad