Back to the Homepage
german version

An easy guide to build yourself a PC
Hardwaretests: Testresults and benchmarks
Viruses: Prophylaxis, identification, removal

All About PC - get in contact
All About PC - Impressum
Links

 Latest Reviews 

Click to read the review!
ABIT VP6
Click to read the review!
ASUS A7V133
Click to read the review!
EPOX 8KTA3+
Click to read the review!
DEEP OCEAN SCREEN SAVER

 Reviews 
 Virus Descriptions 


Danger
Diffusion

The virus causes more damage than the well known Melissa-virus

Loveletter:

Virus name

Loveletter

Operating systems 

Windows 9x/2000/NT

Type

Internet-Worm and Trojan

Variants

Loveletter.A

Infection:
The virus spreads via Email. The infection mail has the appearance:

Subject ILOVEYOU
Text kindly check the attached LOVELETTER coming from me
Attachment LOVE-LETTER-FOR-YOU.TXT.vbs

This Email will be transfered to all adresses in the outlook adressbook, if you execute the attachment.

Payload:
The virus causes several damage on your system:

  • The attachment is a visual basic script ans changes registry entries for the Kernel32 (it overwrites the WIN32.DLL, which is executed at every boot routine)
  • The worm changes all files on your PC, which have the endingVBS, VBE, JS, JSE, CSS, WSH, SCT, HTA, JPG, JPEG, MP3 or MP2. 
    It integrates files in the windows directories:
    • MSKERNEL32.VBS in Windows\ System directory
    • WIN32DLL.VBS in Windows directory
    • LOVE-LETTER-FOR-YOU.TXT.vbs in Windows\ System directory
    • WINFAT32.EXE in Windows\Downloaded Program Files directory
    • WIN-BUGSFIX.EXE in Windows\Downloaded Program Files directory
    • script.ini in mIRC directory
  • It changes the starting page of the browser for a download of a file named WIN-BUGFIX.EXE. This file was now removed from the net.
  • The Outlook-adressbook will be searched for Email adresses and an infectionmail will be sent to every found adress

Warning:
In great companie networks everyone has the same global adress book, so the Exchange-server will send so many Emails, that he will not work anyway.

Protection:
Outlook user are very endangered. Achieving an infectionmail this should be deleted at once. Don't open it! In the browser options the  Active Scripting should be deactivated after getting an infection mail. After this the mail can be marked and deleted without any damage.
The mail should neither be opened nor the attachment should be double clicked. Many Anti-virus programs have updates in the net:

Remarks:
The worm comes from asia and has infected many companies on Thursday, the 27th of April 2000. On the 4th of may it reached europe and infects the networks a Microsoft, ZDF or Siemens for example.

Copyright by All-About-PC. All rights reserved.
All information on this website is protected by international law. Any reproduction or publication without the agreement of the editorial office is prohibited. Please respect the work of others. 
Although all information on this website is hardly recherched and mostly checked and confirmed from secondary side, we do not take the responsibillity for any damage originated from the use of the information on our site.