Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


VBS/LOVE LETTER WORM SPREADS RAPIDLY

Virus Name  : VBS/LoveLetter

Alias             : I-Worm/LoveLetter

Virus type    : VB Script worm

Threat level : High

Virus details :

                     VBS/LoveLetter is a VB Script uses Microsoft outlook and Mirc clients to spread. It is spreading faster than Melissa virus. It causes heavy e-mail traffic and downs many mail servers. The new variant VBS/NewLove charges deadly payload and it will damage all files in the system.

                     When opening the e-mail attachment, will create MSKernel32.vbs, LOVE-LETTER-FOR-YOU.TXT.VBS files in windows system folder and Win32Dll.VBS in windows folder. Then it changes the registry settings so that the the script is automatically executed when the system is restarted. The .VBS extension will not appear if windows scripting host is installed. This worm takes advantage of this and blinds the user to open attachment.

                     It opens the Microsoft Outlook Address book and sends email to all the email ids stored in that. The message subject will be "I Love you", the message body will be "kindly check the attached love letter coming from me" and the attachment name will be "LOVE-LETTER-FOR-YOU.TXT.VBS". Then the virus searches for all local and remote drives and overwrites .js, .hta, .css, .wsh, .sct and .hta files with the script. It overwrites jpg, jpeg files with the virus code and renames to .vbs extension. In case of mp2 and mp3 files it hides the original file and creates a new file with .vbs extension and writes its code there.

                     It also tries to download a file from virus author's site. If the file is downloaded it modifies the registry to run the file on each reboot. It is a password stealing trojan will be stored in the name of WIN-BUGFIX.EXE. There are several variants of VBS/LoveLetter is reported in the wild. Most of them arrives with different names like LOVE-LETTER-FOR-YOU.TXT.VBS, mothersday.vbs, Urgent_virus_warning.vbs, IMPORTANT.TXT.VBS, Virus-Protection-Informations.vbs, ArabAir.TXT.vbs, BEWERBUNG.TXT.vbs, KillEmAll.TXT.vbs, protect.vbs or Very Funny.vbs. There are more than 25 variants reported in the wild now.

Few variants information:

Mother'sday Variant:

This variant of VBS/Loveletter mail carries the following details.

Subject: Mothers Day Order Confirmation

Message Body: We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com'

Attachment: mothersday.vbs

Susitikim Variant:

Subject: Susitikim shi vakara kavos puodukui...

Message Body: Kindly check the attached LOVE LETTER coming from me.

Attachment: LOVE-LETTER-FOR-YOU.TXT.VBS

Very funny Variant:

Subject: fwd:Joke

Message Body: ---

Attachment: Very Funny.vbs

Unix Variant:

This variant is written in shell script using the VBS/LoveLetter concept. This variant is not wide spread in the wild.

How can I protect my system?

                   Solo has incorporated VBS/LoveLetter worm and its variants in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

                     To protect your system against infection, disable Windows Scripting Host by following these steps: Click the Start button, Settings, Control Panel, then select Add/Remove Programs, then select the Windows Setup tab, then double-click Accessories, scroll down to Windows Scripting Host, and uncheck the box. Save changes and close the window.

How to remove this worm?

                   If you are already infected with this worm, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove LoveLetter worm safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link