The ILOVEYOU virus is a worm that spreads mainly by e-mail. Under the false cloak of an "I love you" message, it tricks the user into opening the VBS attachment it carries, which infects the machine. After infection, the virus spreads through the Outlook Address Book, searches the local machine for account names and passwords, and sends them to the virus author. Computer users should therefore be alert to mail from unknown senders and should not open attachments in messages whose source is unknown.
Virus information
"Virus name" ILOVEYOU virus
"Virus alias" Love letter virus or Loveletter virus
"Vigilance level" ★★★☆
"Virus type" Worm
"Infection symptoms" Files with the extensions *.mp3, *.vbs, *.jpg, *.jpeg, *.hta, *.vbe, *.js, *.jse ... (10 file formats) are affected, and their names are changed to *.vbs.
Mode of transmission
The virus arrives in an e-mail message titled "ILOVEYOU" (I Love You) with the attachment "Love-letter-for-you.txt.vbs" (a love letter for you). The body of the message reads "Kindly CHECK the attached loveletter COMING from ME."
Virus Hazard
The virus automatically mails itself to everyone listed in the Outlook Address Book of an infected user, and the resulting cascade of mass mailings can paralyze enterprise mail servers. When the virus triggers, it infects and overwrites files with the extensions *.mp3, *.vbs, *.jpg, *.jpeg, *.hta, *.vbe, *.js, *.jse ... (10 file formats); after a file is overwritten, its name is changed to *.vbs. The biggest difference between the "VBS_LOVELETTER" virus and the Melissa virus is that Melissa mails itself only to the first 50 entries in the Address Book, while "VBS_LOVELETTER" mails itself to every entry in the Address Book, so it spreads several times faster than Melissa and is more destructive. It also wantonly copies itself over music and picture files. Worse still, it searches the infected machine for the user's account names and passwords and sends them to the virus author.
Infection steps
1. The first time the virus file is opened, the virus automatically creates the following files under the Windows directory:
Windows\Win32DLL.vbs
System\MSKernel32.vbs
System\love-letter-for-you.txt.vbs
System\love-letter-for-you.txt.html
2. The virus modifies the following Windows registry values so that it runs when the machine reboots:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32: Windows\System\MSKernel32.vbs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL: Windows\Win32DLL.vbs
3. The virus looks for WinFAT32.exe in the Windows\System directory. If the file exists, it modifies Internet Explorer to open Win-bugsfix.exe on a specific web site.
4. Next, the virus looks for Win-bugsfix.exe in the Windows\System directory.
If the file does not exist, it sets the Internet Explorer start page to "about:blank" and modifies Windows registry values.
5. The virus spreads through Microsoft Outlook: it attaches "love-letter-for-you.txt.vbs" to an e-mail and sends it to the accounts recorded in the Personal Address Book. The contents of the letter are:
Subject: ILOVEYOU
Content: Kindly CHECK the attached loveletter COMING from ME.
In addition, the virus tampers with the mIRC Script.ini file.
As a result, when the user chats online with mIRC, the virus automatically issues DCC send commands to the other users in the same chat room and transmits the infected file "love-letter-for-you.htm" to them.
6. The virus searches for files with the following extensions:
.vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .mp3, .mp2
When such a file is found, the virus overwrites it with its own code and changes the file name to the form + .vbs, so the file no longer works correctly.
Antivirus method
1. Prevention.
When you receive an e-mail titled "ILOVEYOU", delete it immediately. Even if the sender is someone you know, do not open the attached file, to avoid infection.
2. Automatic Antivirus.
1) Install anti-virus software and let it disinfect automatically.
2) Search for an ILOVEYOU virus cleaner and run it after installation.
3. Manual Antivirus
If you receive an e-mail titled "ILOVEYOU", delete it immediately. Even if the sender is someone you know, do not open the attached file, to avoid infection.
1. Click Start => Run
2. Type regedit
3. Find the following entries and delete them:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX
4. Delete the following files:
Windows\Win32DLL.vbs
System\MSKernel32.vbs
System\love-letter-for-you.txt.vbs
System\love-letter-for-you.txt.html
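
The file checks in the manual steps above can be scripted. The following is an added example, not part of the original article: it walks a directory tree and reports the dropped file names listed on this page, plus files that look overwritten and renamed. It assumes that "+ .vbs" means the original name with .vbs appended (for example photo.jpg.vbs); the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Dropped file names listed on this page (compared case-insensitively).
DROPPED = {"win32dll.vbs", "mskernel32.vbs",
           "love-letter-for-you.txt.vbs", "love-letter-for-you.txt.html"}
# Extensions the page says the worm overwrites and renames to *.vbs.
TARGET_EXTS = {".vbe", ".js", ".jse", ".css", ".wsh", ".sct", ".hta",
               ".jpg", ".jpeg", ".mp3", ".mp2"}

def classify(filename):
    """Return 'dropped', 'overwritten' or None for one file name."""
    name = filename.lower()
    if name in DROPPED:
        return "dropped"
    stem, ext = os.path.splitext(name)
    # Assumption: an overwritten file keeps its old extension before .vbs.
    if ext == ".vbs" and os.path.splitext(stem)[1] in TARGET_EXTS:
        return "overwritten"
    return None

def scan(root):
    """Walk root and return sorted (kind, relative_path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            kind = classify(f)
            if kind:
                rel = os.path.relpath(os.path.join(dirpath, f), root)
                findings.append((kind, rel.replace(os.sep, "/")))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: empty files named like an infected machine."""
    for rel in ["Windows/Win32DLL.vbs", "Windows/System/MSKernel32.vbs",
                "Docs/holiday.jpg.vbs", "Docs/song.mp3.vbs",
                "Docs/report.txt", "Scripts/backup.vbs"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, path in scan(tmp):
            print(f"{kind:12} {path}")
```

A name match is only an indicator: an ordinary script such as backup.vbs is not reported, and a reported file still has to be inspected before it is deleted.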