LOVE-LETTER-FOR-YOU.HTM:
This worm sends itself to email addresses in the Microsoft
Outlook address book and also spreads itself into Internet
chatrooms via mIRC. This worm overwrites files on local and
remote drives, including files with the extensions
- Delete the file Win32DLL.vbs from the Windows directory.
- Delete the following files from the Windows\system directory:
  MSKernel32.vbs, LOVE-LETTER-FOR-YOU.TXT.vbs, LOVE-LETTER-FOR-YOU.HTM,
  WINFAT32.EXE, WIN-BUGSFIX.EXE, Funny Love.vbs, Funny Love.htm
- Remove winfat32.exe, win-bugsfix.exe, and all .VBS entries from the following registry keys:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  HKEY_USERS\username\Software\Microsoft\Windows\CurrentVersion\Run
This is modified for all users in HKEY_USERS.
- Remove all DWORD values from the registry key
HKEY_USERS\username\SOFTWARE\Microsoft\WAB
except for LDAP Connection Timeout and Server ID. This is done for all users in HKEY_USERS.
- Search all local hard drives for hidden MP3 and MP2 files.
The hidden attribute will then be removed.
- Search all local hard drives for LoveLetter SCRIPT.INI files.
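
A read-only check for the file and autorun-key steps above, as an added example that is not part of the original advisory or any vendor tool. It assumes a PowerShell prompt on the affected machine and that the Windows directory is the one in %windir%; it reports matches and deletes nothing.

```powershell
# Added example: audit for the LoveLetter artifacts listed above.
# Reports findings only; nothing is deleted or modified.

$winDir = $env:windir                    # assumption: Windows directory = %windir%
$sysDir = Join-Path $winDir 'system'     # the page names Windows\system

# File names taken from the list above.
$files = @(
    (Join-Path $winDir 'Win32DLL.vbs')
) + (@(
    'MSKernel32.vbs', 'LOVE-LETTER-FOR-YOU.TXT.vbs', 'LOVE-LETTER-FOR-YOU.HTM',
    'WINFAT32.EXE', 'WIN-BUGSFIX.EXE', 'Funny Love.vbs', 'Funny Love.htm'
) | ForEach-Object { Join-Path $sysDir $_ })

$findings = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $f; Detail = '' }
    }
}

# Autorun keys from the list above; the per-user Run key is checked
# in every hive currently loaded under HKEY_USERS.
$runKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)
$runKeys += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" }

# Value data naming winfat32.exe, win-bugsfix.exe or any .vbs file (case-insensitive).
$pattern = 'winfat32\.exe|win-bugsfix\.exe|\.vbs'
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match $pattern) {
            $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$key\$name"; Detail = $data }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so their Run keys are not covered by this check.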