This is NOT a hoax. Currently there is a virus being e-mailed around the world called the ILOVEYOU virus. The ILOVEYOU virus has an attachment called LOVE-LETTER-FOR-YOU.TXT.vbs. If you receive this e-mail, do not open it. Delete and Empty the item immediately!

The mail message will be formatted as follows:

Subject: ILOVEYOU
Body: kindly check the attached LOVELETTER coming from me.
Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs

The ILOVEYOU virus is a VBScript worm. It spreads via e-mail like a chain letter.

The worm uses the Outlook e-mail application to spread. LoveLetter is also a overwriting VBS virus, and it spreads itself using mIRC clients as well. It also deletes JPG and MP3 files

For more information:

#####://www.theregister.co.uk/000504-000013.html

#####://www.datafellows.com/v-descs/love.htm

No kidding...we just got hit with this virus this morning!!!...as I write this our mail servers are shut down and our company is at a stand still! This one is BIG!!

I got that this morning from a client. Fortunately I heard a news report this morning and I didn't open it.

One thing I would like to add is that if you attempted to open the attachment notify someone if your IT department immediately. The attachment contains the main virus and this is what destroys JPEG and MP3 files as well as any other file it can infect. We were hit early this morning and fortunately contained it fairly well.

This is for real! I to received a "I Love You" message at 8:45 am. Fortunately our data processing people alerted me 30 minutes prior and I did not open the attachment. Our computer people said to 1) Not open the attachment and 2) Reply back to the sender of the Virus that their computer is infected and they need to delete the "I Love You" virus from their computer. I noticed several companies are offering procedures for deleting this virus. Just go to any Internet News Service and it will be in the headlines.

Our service department has been buried with damage requests from customer's around the Twin Cities. Currently there are about 38 orders for recovery and counting!

This one spreads without the infected users knowledge until he/she shuts down or reboots. Stelthy worms are the internet's worst nightmare.

Ya'll be good and careful, hear?

AquaMan~~~~~~~~~~~~~

I got it this morning and didn't open if from the attachment, but put it on a disk, then opened it. As soo as I saw that it wasn't a message, I hit the power switch and shut my computer right down. Did I do the right hting? Do I still have the virus? I have Norton Anti-Virus, but it didn't pick it up. Anyone who could answer these questions. I would appreciate it.

It's hard to say if your computer is infected or not. the best way to find out is to goto start, find, files or folders, and do a search on your c: drive for *.vbs

If you have alot of them, (more than 5) and they are in folders like c:\program files\netscape\communicator\users\defaule\cache or the folder called temporary internet files (if you use Internet explorer) the computer is infected.

One other indication that your computer is infected is that you will have 2 files on your computer called win32dll.vbs and mskernel32.vbs.

If it is infected, take it to someone that is comfortable removing it manually (it could mess up your computer badly if done incorrectly) or don't connect to the internet until there is an update for Norton available that will clean it automatically.

Good luck with it.

YOCT

I did the search and there are hundreds of them.

You have it then. You can either go to www.symantec.com for instructions on how to remove it, or take it to someone to have it done, or if you're patient, just wait until someone gets an antivirus program out that can remove it automatically. Due to the way the virus renames existing files, and puts copies of itself all over the computer, it may be awhile until someone has software out that can clean it effectively.

YOCT

I think the first lesson in computing 101 is not to open ANY email attachment without first thinking of the potential consequences.

ANY "executable" file attachment with email is suspect. I don't care if it comes from your mother and most probably particularly your mother. Under no circumstances should it be opened unless you can first hand verify its integrety. It appears that companies are not doing a good job of schooling their employees.

Anyone that is more than just the most casual home user most probaby has heard of computer viruses and should have been forewarned of what precautions to take. This stuff makes headlines on the six o'clock news, everyone should be aware.

I used to work with a guy, an electrical engineer by training, and if this guy didn't have either his home or office computer infected at least 3 or 4 times a year it was considered an off year. This guy was just plain careless.

Someone once said, "fool me once, shame on you. Fool me twice, shame on me".

Getting the message out on message boards such as this only helps to educate and hopefully the message will sink in.

This not only applies to email, but downloading software from unknown sources on the Web as well as software recieved from "friends" on disks. The best course of action is to be suspicious. Get antivirus software (AVS) and use it. One problem is that the software must be kept up to date and when a newly designed virus hits cyberspace the AVS probably will not catch it. It helps but it's not the magic bullet.

Instances like this also reinforce the notion that you should back up your data files regularly and store them on some medium that is separate from you PC. Then if you do get infected you can reformat the hard drive and you'll still have good copies of your important data. If I ever lost my financial files I'd probably take one last fishing trip and then drown myself!

I hope no one reading this experienced any catastrophic failures.


Later....

Al

You don't have to open the attachment to have it run. If you have VB script services installed, which is typical for Win98 and MSIE5, just opening the email, not the attachment can trigger it. This coupled with how the server is configured can cause the virus script to run.

We too have had it...and are working on containing it. Scary thing is, this could have been worse looking at the virus code.

Kurt ... who WAS on vacation till this hit today.

This is apparently what happened to me. I did not open the attachment, I merely moved it to a disk in a drive, along with a bunch of other reports that were to be transferred to that drive to be opened later in PageMaker. I noticed the little light on my puter was going crazy and it was making a lot of little ticking noises like it was working really hard. I have Norton Antivirus because I recieve so much stuff e-mail from so many magazine contributors, but Norton did not catch it and still can't detect it on my system even though I have spent my whole afternoon and evening on Norton's Website trying to get help tracked down. This is a real bummer. I still don't know how much damage may have been done or if I should continue working or not. By continuing to use my computer is it making it worse? This is the first virus I've ever had and I don't know where to turn. Thanks for you help so far.

To remove it do the following:

1. Find and delete infected files.
(open Windows Explorer, select the C drive, hit Ctrl-F, search for *.vbs , delete all entries from within the search window, then empty recycle bin. It deletes and renames your JPG and MP3 files to .vbs files.)

2. Remove the registry key:

HKLM\Software\Microsoft\
Windows\CurrentVersion\
Run\WIN-BUGSFIX

(click Start > Run and enter REGEDIT, click on My Computer, hit Ctrl-F and enter WIN-BUGSFIX. Chances are good that if you didn't reboot the computer then you won't find it. If you do, delete the entry (right-click name, then click delete). Just be careful when editing the Registry as you can cause worse damage to the computer than the virus did.)

3. Restore your browser's Start Page.

This should have you back and posting brilliant messages on WalleyeCentral in minutes. And as a sidenote, running a program from floppy or hard disk has the same affect. Also, there might be one or two .vbs files that you can't delete. If so, hit Ctrl-Alt-Del, look for a program called Script, click on it, then click End Task.

Any questions email me at Dennis@Climbing-Guides.com.

Did it. I deleted more than 1600 files. I hope this thing still works when I turn it on in the morning.

Just as reports of infections by the ILoveYou virus
started to slow down, a new version of the program
is winging its way around the Internet. This one
has the subject line "FW: JOKE" and contains an
attachment called "Very Funny.vbs." The alterations
might allow the program to sneak around some antivirus
programs, adding to the pain the ILOVEYOU virus has
already inflicted around the world today.

I think you're fine using it. The payload of the virus is simply to propagate itself out to the rest of the net. If you deleted the files mentioned above, you should have at least crippled the virus enough to keep it from working. Is it sending itself out to people when you have your email open when connected to the internet? if not, the virus isn't working, and isn't hurting anything. This particular virus doesn't do any harm to the computer (that we know of yet. I've looked at the code, and it doesn't appear to make any hardware calls), as the biggest problem is the massive number of emails it generates. If it's not sending out the emails, I see no reason why you shouldn't continue to use your computer.


YOCT

Yepper, Hans. In fact there are several "copycat" viruses in circulation. Util things settle down we are instructing all our clients to refrain from opening ANY file with unexpected attachements. It is very simple, if you are not expecting a specific attachement and cannot confirm it with a phone call, then delete it, PERIOD.

If anyone you know needs to fix their PC from the virus( I LOVE YOU), go to this site:
#####://www.europe.datafellows.com/v-descs/love.htm


AquaMan~~~~~~~~~~~~~

Thats about the best advice you can give to anyone about viruses in general. Of course, one can preach and preach, and the day comes that a virus appears in email, and someone will click it to run it.

YOCT will only Dre and Metalica mp3z be affected? I think my machine has critters!