"I Love You" Virus

Information about Love Letter virus and its variants:

VBS/LoveLetter is a VB Script that uses Microsoft Outlook and mIRC clients to spread. It is spreading faster than the Melissa virus. It causes heavy e-mail traffic and brings down many mail servers. The new variant VBS/NewLove carries a deadly payload and will damage all files in the system.

When the e-mail attachment is opened, it creates the files MSKernel32.vbs and LOVE-LETTER-FOR-YOU.TXT.VBS in the Windows system folder and Win32Dll.VBS in the Windows folder. It then changes the registry settings so that the script is automatically executed when the system is restarted. The .VBS extension will not appear if Windows Scripting Host is installed. The worm takes advantage of this to trick the user into opening the attachment.

It opens the Microsoft Outlook Address Book and sends an e-mail to every address stored in it. The message subject will be "I Love you", the message body will be "kindly check the attached love letter coming from me" and the attachment name will be "LOVE-LETTER-FOR-YOU.TXT.VBS".

The virus then searches all local and remote drives and overwrites .js, .hta, .css, .wsh and .sct files with the script. It overwrites jpg and jpeg files with the virus code and renames them with a .vbs extension. In the case of mp2 and mp3 files, it hides the original file, creates a new file with a .vbs extension and writes its code there.

It also tries to download a file from the virus author's site. If the file is downloaded, it modifies the registry to run the file on each reboot. The file is a password-stealing trojan and is stored under the name WIN-BUGFIX.EXE.

Several variants of VBS/LoveLetter have been reported in the wild. Most of them arrive with different names such as LOVE-LETTER-FOR-YOU.TXT.VBS, mothersday.vbs, Urgent_virus_warning.vbs, IMPORTANT.TXT.VBS, Virus-Protection-Informations.vbs, ArabAir.TXT.vbs, BEWERBUNG.TXT.vbs, KillEmAll.TXT.vbs, protect.vbs or Very Funny.vbs. More than 25 variants have been reported in the wild now.

Information on a few variants:

Mother's Day Variant:
This variant of VBS/LoveLetter mail carries the following details.
Subject: Mothers Day Order Confirmation
Message Body: We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com
Attachment: mothersday.vbs

Susitikim Variant:
Subject: Susitikim shi vakara kavos puodukui...
Message Body: Kindly check the attached LOVE LETTER coming from me.
Attachment: LOVE-LETTER-FOR-YOU.TXT.VBS

Very Funny Variant:
Subject: fwd:Joke
Message Body: ---
Attachment: Very Funny.vbs

Unix Variant:
This variant is written in shell script using the VBS/LoveLetter concept. It is not widespread in the wild.

Removing I Love You virus from your system:

Fire has incorporated the VBS/LoveLetter worm and its variants into its virus signature file, with the aim of helping users affected by this worm to detect and eliminate it from their systems. Fire anti-virus users can update this signature file from our web site.

To protect your system against infection, disable Windows Scripting Host by following these steps: Click the Start button, Settings, Control Panel, then select Add/Remove Programs, then select the Windows Setup tab, then double-click Accessories, scroll down to Windows Scripting Host, and uncheck the box. Save changes and close the window.

You can check the system manually. This worm creates "MSKernel32.VBS" in the Windows system folder and Win32DLL.VBS in the Windows folder. If these files are present in those folders, your PC is infected with this virus. A free utility to detect and clean this virus is available in the Download Center.
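
The manual check described above, together with the hidden-extension trick the worm relies on, as an added example (not part of the original page and not Fire's own tooling). The System/System32 folder names, the decoy-extension list and the sample folder tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Dropped-file names come from the page; the system-folder names are an
# assumption (System on Windows 9x, System32 on NT-family installs).
SYSTEM_FILES = {"mskernel32.vbs", "love-letter-for-you.txt.vbs"}
WINDOWS_FILES = {"win32dll.vbs"}
SYSTEM_SUBDIRS = ("System", "System32")
# Harmless-looking inner extensions; assumed list for illustration.
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".doc", ".mp3"}


def find_dropped_files(windows_dir):
    """Return paths under windows_dir that match the worm's dropped files."""
    targets = [(windows_dir, WINDOWS_FILES)]
    targets += [(os.path.join(windows_dir, d), SYSTEM_FILES) for d in SYSTEM_SUBDIRS]
    hits = []
    for folder, names in targets:
        if not os.path.isdir(folder):
            continue
        for entry in os.listdir(folder):
            # Windows file names are case-insensitive, so compare lowercased.
            if entry.lower() in names:
                hits.append(os.path.join(folder, entry))
    return sorted(hits)


def is_disguised_script(filename):
    """True for a .vbs name that shows a decoy extension once .vbs is hidden."""
    stem, ext = os.path.splitext(filename.strip().lower())
    return ext == ".vbs" and os.path.splitext(stem)[1] in DECOY_EXTS


def build_sample_tree(root):
    """Constructed sample: an empty fake Windows folder with worm file names."""
    os.makedirs(os.path.join(root, "System"))
    for rel in ("System/MSKERNEL32.VBS", "Win32DLL.vbs", "System/notepad.vbs"):
        open(os.path.join(root, *rel.split("/")), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in find_dropped_files(tmp):
            print("indicator file present:", path)
    for name in ("LOVE-LETTER-FOR-YOU.TXT.VBS", "mothersday.vbs"):
        print(name, "disguised" if is_disguised_script(name) else "plain .vbs")
```

A name such as mothersday.vbs is not flagged as disguised because it has no decoy extension; it is still a script attachment and should be treated as one.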

A free download of the FireLite [1100KB] version is available to detect all viruses. If you find any virus, use the registered Windows version of Fire to remove it. To get the registered version of Fire, call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using
