
LOVELETTER virus fix (partial)


jharrison
05-04-2000, 08:39 AM
To Stop LOVE-LETTER-FOR-YOU


Go to Task Manager
stop process WSCRIPT.exe

delete these files wherever you find them:
LOVE-LETTER*.*
MSKernel32.vbs
Win32DLL.vbs
WIN-BUGSFIX.exe (probably not there)

------------
search for all *.vbs files created today on all drives
Any that are 11K are definitely infected.
All .vbs and .vbe files have probably been overwritten and lost.

------------
Anybody with MIRC has had a script.ini file created in default MIRC directory with virus.

------------
Will need to fix registry entries as well,

Delete these registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL


more to come?....
--------

Home/Start page for Inet explorer changed, looks like no harm because site it points to has been taken down.
--------

Rebooting will not cure!
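
A report-only scan for the file indicators listed in the post above, added here as an example; it is not code from this thread or from any poster. Assumptions: a modification time within the last 24 hours stands in for "created today", "11K" is read as 10 to 12 KiB, and an mIRC directory is any folder whose path contains "mirc".

```python
import fnmatch
import os
import time

# File names listed in the post above (matched case-insensitively).
NAMED = ["love-letter*.*", "mskernel32.vbs", "win32dll.vbs", "win-bugsfix.exe"]
# Assumption: "11K" is treated as any size from 10 KiB to 12 KiB.
SIZE_BAND = (10 * 1024, 12 * 1024)


def scan(root, now=None, max_age_hours=24):
    """Return sorted (path, reason) pairs for files matching the post's indicators."""
    now = time.time() if now is None else now
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
            if any(fnmatch.fnmatchcase(lower, pat) for pat in NAMED):
                hits.append((path, "named in the post"))
            elif lower == "script.ini" and "mirc" in folder.lower():
                # Assumption: the folder name identifies the mIRC install.
                hits.append((path, "script.ini in an mIRC directory: inspect"))
            elif lower.endswith((".vbs", ".vbe")):
                # Overwritten scripts get a fresh modification time.
                recent = now - st.st_mtime <= max_age_hours * 3600
                sized = SIZE_BAND[0] <= st.st_size <= SIZE_BAND[1]
                if recent and sized:
                    hits.append((path, "recent script of about 11K"))
                elif recent:
                    hits.append((path, "recent script: review"))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for path, reason in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {path}")
```

The scan only lists candidates; nothing is deleted, so each hit can be checked before removal.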

alfaguy
05-04-2000, 09:49 AM
Stupid me, started the ball in our office today while trying to clean the virus from my email. Luckily I stopped it early. I pulled the internet T1 connection till I could stop the mail service and manually clean the mail server.
Only 4 people internal opened the message and I used the method above to clean their PCs.
But from what I've heard on the news, it's affecting more than any other virus yet.


bthom70

nilknarf
05-04-2000, 02:17 PM
Recycle Bin is not safe enough, you need to delete it from there as well so that you don't risk it being restored.

You can now get the fix from the Symantec FTP site. I think their website is still swamped, so try the FTP site at
ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/

This is where I download my definitions from. You may need to switch directories depending on location and language.

[This message has been edited by nilknarf (edited 05-04-2000).]

psyklone
05-04-2000, 02:49 PM
I've written a little program that seems to disable it pretty well. If anyone's interested, feel free to email me.

Toadman
05-04-2000, 03:47 PM
At the user level, or for peace of mind, you can write a rule in Outlook tools to reject any mail with those characters as well.

x35Agent
05-04-2000, 10:37 PM
Please explain how to do that. I have been in Outlook and have seen what you are talking about. How do I need to go about setting it up though?

elite
05-05-2000, 12:00 AM
Yes I received over 50 emails with it, but was wise enough to not open them.

I heard you can get this through IRC, and would like to know how, and how you can prevent this.

-Brian

bhess
05-05-2000, 12:20 AM
I haven't got it yet, but if I do and delete it, is it really deleted? I know it goes to the Recycle Bin; is that safe enough?

Toadman
05-05-2000, 07:31 AM
You can route these love letters directly into your deleted folder:

In Outlook, click on Tools, Rules Wizard, then select "message based on content". Under "specific words", add in "love-letter" (punctuation and caps not a factor). You may have to add another rule like "ILOVEYOU" if you have "sent confirmation" turned on.

Under specific folder select "deleted items" as the path to route them to.

Now they will route directly to your deleted folder, which you will have to empty out throughout the day(s) to come.



[This message has been edited by Toadman (edited 05-05-2000).]