That was popular long long ago, It is attachement file from email .
The subject line of the infectious email reads "ILOVEYOU", and the message of the email reads "Kindly check the attached LOVELETTER coming from me." The attachment, which has the destructive Visual Basic script, is named "LOVE-LETTER-FOR-YOU.TXT.vbs"
If u open that kind of email .u will be sure to be infected this virus on ur computer ,,
But don,t worry , the way to solve this one is so easy
1 .close all ur network adpter and connection
2.close ur email files.
3.Run >regedit
- Go to HKEY_CURRENT_USER->Software->Microsoft->Windows Script Host->Settings. If there is an entry for Timeout, delete it. I did not have this, but the source code looks like it may exist.
- Go to HKEY_CURRENT_USER->Software->Microsoft->Internet Explorer->Main. Scroll down until you see an entry for Start Page. Double click on it, and edit it so it reflects the correct start page (Ideally slashdot.org or thepope.org :) ).
- Go to HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run. Delete the entry for MSKernel32.
- Go to HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->RunServices. Delete the entry for Win32DLL.
- Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If there is an entry for WIN-BUGSFIX, delete it.
- Go to HKEY_CURRENT_USER->Software->Microsoft->Windows->CurrentVersion->Explorer->Doc Find Spec MRU. This entry contains all of the most recently used files. It would be a good idea to delete all of the entires.
- Open Windows Explorer (Start->Programs->Windows Explorer). Go to c:\windows\system (or c:\winnt\system32) and delete MSKernel32.vbs, LOVE-LETTER-FOR-YOU.HTM, and LOVE-LETTER-FOR-YOU.TXT.vbs. Also, delete Win32DLL.vbs from the Windows directory.
- This is the most painful part. This virus replaces every file with the following file extensions: vbs, vbe, js, jse, css, wsh, sct, hta, jpg, jpeg, mp3, mp2. You can't get the files back, but you can at least delete them pretty easily.
First a search for all files with the .vbs or .vbe extension and which containt the text "LOVEYOU" (Start->Find and enter '*.vbs *.vbe' in the Named field, enter "LOVEYOU" in the Containing Text field, then click Find Now). Select all of the results, and hit delete.
Make sure you include "LOVEYOU" in the contained text field. This will help prevent files that were not infected from getting deleted. Now, you can go back and fix any files that were renamed, but not infected. Do the exact same search, but do not include the "LOVEYOU" criteria. You will see all (if any) files that were renamed but not infected. Now you just need to start going through and rename all of the files to their original names (just remove the .vbs extension).
Update: It looks like mp3 files are merely marked as hidden, not completely deleted. - Finally, you will need to do a search for a couple of other misc. files that may be on your machine now. Search for WIN-BUGSFIX.exe or WIN_BUGSFIX-32.exe (if you opened Internet Explorer after getting the bug) script.ini (if you use mIRC), and possibly WinFAT32.exe. If you have any of these two files, delete them.
- When all of the files are deleted, it would be a good idea to empty your recycle bin.
- Go to your room without dinner. You should know better than to run files like this.
No comments:
Post a Comment