Re: FLASH: FW: WARNING: e-mail bomb alert !! Solution for the LoveYou virus, ADMIN, READ FIRST PLEASE!!

[-[dk]-]

It is nasty... we fought it all day Thursday...... it is a fast self

replicating thing....


Symantec has released patches , as have mcafee......


-dustin-



----- Original Message -----

From: "Tim Loenders" <

tloendersinterconnect [dot] be

>

To: <

flasherchinwag [dot] com

>; <

belraveamphion [dot] be

>

Sent: May 4, 2000 7:19 AM

Subject: FLASH: FW: WARNING: e-mail bomb alert !! Solution for the LoveYou

virus, ADMIN, READ FIRST PLEASE!!



> Hi there,

>

> Sorry to bother you with virus info on the mailing list but it seems that

> this one is nasty!

>

> If you have problems with the Loveyou virus (like I had this morning). The

> way to desinfect your PC is written below.

>

> Be sure not to open any mail with the loveyou subject.

>

> If it's too late be sure to clean your PC thoroughly the way described

> below.

>

> Hope it helps.

>

> Tim

>

> > WARNING!!

> >

> > Please be aware of a e-mail message with subject: ILOVEYOU

> > It contains an VBScript attachment (iloveyou.vbs)

> > When you open the attachment - the e-mail virus will spread itself to

ALL

> > the recipients in

> > your addressbooks.

> >

> > DO NOT OPEN THE VBS ATTACHMENT !!

> >

> > The virus will attempt to:

> > - send itself to all your recipients (address lists)

> >     internal and external addresses !

> > - change your default webpage in Internet Explorer to an infected

website

> > - try to connect to an infected IRC server

> > - create other copies of itself on your local harddisk (all with

extension

> > *.vbs)

> >    it uses filenames of existing jpg files...

> > - register itself in the registry to run at login

> >

> >

> > To find infected PC's you can search the local harddisk for one of the

> > following files:

> > - Win32DLL.vbs

> > - MSKernel32.vbs

> > - LOVE-LETTER-FOR-YOU.TXT.vbs

> -  LOVE-LETTER-FOR-YOU.htm or html

>

> What you can do and SHOULD do immediately, if infected:

>

> In the Windows directory (C:\WINDOWS or C:\WINNT): delete the Win32DLL.vbs

> file

> In the Windows System directory (e.g. C:\WINNT\SYSTEM32): delete the

> MSKernel32.vbs file

> in c:\Windows directory (e.g. WINNT) delete

> \SYSTEM32\LOVE-LETTER-FOR-YOU.TXT.vbs

> in c:\Windows directory (e.g. WINNT) delete

> \SYSTEM32\LOVE-LETTER-FOR-YOU.HTM

> In the Registry delete these keys:

>

>

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32

> and

>

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win

> 32DLL

> Than reboot your system. Now the virus should no longer be active...

>

>

> [Tim Loenders]  The size of the VBS files is 10.307 bytes

>

> > The first action you should take is to delete all the created *.vbs

files

> > on the harddisk to prevent further spreading of the virus.

> >

> > Here is an example of the VBScript code used:

> >

> > c.Copy(dirsystem&"\MSKernel32.vbs")

> > c.Copy(dirwin&"\Win32DLL.vbs")

> > c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")

> > ....

> > regcreate

> >

"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel

> > 32",dirsystem&"\MSKernel32.vbs"

> > regcreate

> >

"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\

> > Win32DLL",dirwin&"\Win32DLL.vbs"

> > ....

> > set mapi=out.GetNameSpace("MAPI")

> > for ctrlists=1 to mapi.AddressLists.Count

> > set a=mapi.AddressLists(ctrlists)

> > ...

> > male.Subject = "ILOVEYOU"

> > male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from

me."

> > male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")

> > male.Send

> > ..........

> >

> >

> > More info can be found at:

> > http://www.virusinfo.com/v-descs/love.htm

> >

> >

> > Please inform your IT depts. about this email virus.

> >

> >

> >

> > This one will certainly catch the news this evening !

> >

> >

> >

> >

> >

> > -------------------------

> >   Filip Jonckers

> >     consultant

> >  Interconnect nv

> > network Solutions

> > +32 (0)3 450.74.70

> >

>

> flasher is generously supported by...

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>  Get the last 100 messages from the flasher list NOW

>     http://www.chinwag.com/flasher/last100.shtml

>

>  Flash books http://www.chinwag.com/flasher/books.shtml

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> To unsubscribe or change your list settings go to

>

http://www.chinwag.com/flasher or email helpchinwag [dot] com

>

>



flasher is generously supported by...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Get the last 100 messages from the flasher list NOW

    http://www.chinwag.com/flasher/last100.shtml


 Flash books http://www.chinwag.com/flasher/books.shtml

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To unsubscribe or change your list settings go to

http://www.chinwag.com/flasher or email

helpchinwag [dot] com