[All About PC] Virus Loveletter

Latest Reviews

ABIT VP6

ASUS A7V133

EPOX 8KTA3+

DEEP OCEAN SCREEN SAVER

Reviews

Mainboards:
	EPOX 8KTA3+
	ASUS A7V133
	ABIT VP6
	PC133 ON BX-BOARDS
Graphics Cards:
	ABIT SILURO T400
CD-ROM:
	ASUS CD-S500/A
	TEAC CD-540E
	MITSUMI FX 4820
CD-Writers:
	PLEXWRITER 12/10/32A
	MITSUMI CR-4805TE
	MITSUMI CR-4804TE
	LG CED-8042B
Software:
	DEEP OCEAN SCREEN SAVER

Virus Descriptions

	LOVELETTER
	PLAGE2000
	W32/MELTING
	W32/MYPICS
	W32/NEWAPT
	W32/PRETTY
	BABYLONIA
	SANTANA
	W97M/LENNI
	W97M/MELISSAT
	W97M/MICHAEL-B
	W97M/PRILISSA
	FUNLOVE
	WIN95.SMASH

Danger
Diffusion

The virus causes more damage than the well known Melissa-virus

Loveletter:

Virus name	Loveletter
Operating systems	Windows 9x/2000/NT
Type	Internet-Worm and Trojan
Variants	Loveletter.A

Infection:
The virus spreads via Email. The infection mail has the appearance:

Subject	ILOVEYOU
Text	kindly check the attached LOVELETTER coming from me
Attachment	LOVE-LETTER-FOR-YOU.TXT.vbs

This Email will be transfered to all adresses in the outlook adressbook, if you execute the attachment.

Payload:
The virus causes several damage on your system:

The attachment is a visual basic script ans changes registry entries for the Kernel32 (it overwrites the WIN32.DLL, which is executed at every boot routine)
The worm changes all files on your PC, which have the endingVBS, VBE, JS, JSE, CSS, WSH, SCT, HTA, JPG, JPEG, MP3 or MP2.
It integrates files in the windows directories:
- MSKERNEL32.VBS in Windows\ System directory
- WIN32DLL.VBS in Windows directory
- LOVE-LETTER-FOR-YOU.TXT.vbs in Windows\ System directory
- WINFAT32.EXE in Windows\Downloaded Program Files directory
- WIN-BUGSFIX.EXE in Windows\Downloaded Program Files directory
- script.ini in mIRC directory
It changes the starting page of the browser for a download of a file named WIN-BUGFIX.EXE. This file was now removed from the net.
The Outlook-adressbook will be searched for Email adresses and an infectionmail will be sent to every found adress

Warning:
In great companie networks everyone has the same global adress book, so the Exchange-server will send so many Emails, that he will not work anyway.

Protection:
Outlook user are very endangered. Achieving an infectionmail this should be deleted at once. Don't open it! In the browser options the Active Scripting should be deactivated after getting an infection mail. After this the mail can be marked and deleted without any damage.
The mail should neither be opened nor the attachment should be double clicked. Many Anti-virus programs have updates in the net:

Remarks:
The worm comes from asia and has infected many companies on Thursday, the 27th of April 2000. On the 4th of may it reached europe and infects the networks a Microsoft, ZDF or Siemens for example.

Copyright by All-About-PC. All rights reserved.
All information on this website is protected by international law. Any reproduction or publication without the agreement of the editorial office is prohibited. Please respect the work of others.
Although all information on this website is hardly recherched and mostly checked and confirmed from secondary side, we do not take the responsibillity for any damage originated from the use of the information on our site.