Pit Schultz on Thu, 4 May 2000 21:30:28 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
[rohrpost] cure from loveletter virus |
19:49 04.05.00 Berlin where have all the jpges gone? it started in the phillipines and spread exponentially, all kinds of agencies who use outlook spread the virus into the businessworld, pentagon e-mail was shut down etc. the following .exe seems to work properly. shut down other running applications before. did somebody say backup? all best /pit ---- from: alt.virus Here's the Beta cure: http://getvirushelp.com/ILoveYou/iloveyoucleaner.exe I'm planning on adding a couple features when I get a chance, but I've been successful in using this to clean machines. Craig Schmugar craig@getvirushelp.om http://www.getvirushelp.com ---- Hi, I have to go to sleep now. It is getting late over here in Taiwan and I have been looking for a cure for the love-letter-for-you virus. I hope there is cure before I wake up in the morning. I do not have any of the major anti-virus programs so even if there is a cure that can cure the love virus, I couldn't update the definition files to fix it. I am hoping there is something not related to any specific Anti-virus company that I can put on a floppy and install on the infected PC to fix this. Or I can manually fix it. I saw one fix to change the registry delete the culprit and then delete every file that is 11k and has a .vbs extension. I am hoping there is an easier fix as i checked the infected Pc and there about 200 files that match that description mostly jpegs and gifs. Any help would be appreciated. I want our little company to be productive tomorrow. Cheers. Steve Smith Taipei, Taiwan ---- We're clean. In an office of 30, 10 were infected. Followed the instructions by Robin Sayer (and the follow ups) and we're clean. The server is no longer under severe strain (it's better than ever, in fact) and everyone is happy. Have to edit the registry, but nothing too serious - don't be afraid of it. So either find the thread **LOVELETTER VIRUS ALERT** on this newsgroup, or go to www.remarq.com/read/compvirs/q_5GXeCMH9P0C_DzU which has that thread. It works. Although you do lose the files that have been corrupted, what more can I say? (Except, I'll never forget the joy as the processor usage on our server dropped from 100% when the virus was at it's max to a more civilised 10% after I'd cleaned it all) Big thanks to Robin Sayer. ---- Hi there, Who has info on a new virus sweeping South Africa. The virus is called "I love you" , or "Love Letter". It is a .vbs file and works by replicating itself and mailing to everyone in your address book. I think that is fairly new as there is info on the web, I think. Thanks, keep cool guys ! --- It's currently following the timezones west.... Europe has been hit pretty bad. www.datafellows.com has Infos on it. ---- Hey, Here it's hit the west coast. If you don't know how to read VB to find out the files it's using here are the paths and files: Files created: MSKernel32.vbs Win32DLL.vbs Love-Letter-for-you.txt.vbs Registry Settings needed to be deleted: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKerne l32",dirsystem&"\MSKernel32.vbs HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices \Win32DLL",dirwin&"\Win32DLL.vbs fifedog ----- Check task manager & end wscript.exe & outlook.exe if they're running Delete all .VBS files created today (Do findfiles *.vbs - all files created or modified today) Remember to specify 'all-drives' - you will have lost all your jpg's,mp3,mp2,css & some others on local drives & shares. Delete ROOT\WINNT\SYSTEM32\LOVE-LETTER-FOR-YOU.HTM Delete; "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKern el32 MSKernel32.vbs" "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService s\Win32DLL Win32DLL.vbs" Set default internet explorer location back to what it normally is. (www.msn.com by default) Then check; HKCU\Software\Microsoft\Internet Explorer\Main\Start Page to make sure the change has taken ok. Check & delete if exists; "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN- BUGSFIX",downread&"\WIN-BUGSFIX.exe" Search all drives for win-bugsfix.exe & delete Check "HKEY_CURRENT_USER\Software\Microsoft\WAB\" Against your address book to see who you have posted to. No great harm done unless you depend on your jpg's - don't run mail attachments on MC PC's in future. ---- ---------------------------------------------------------- # rohrpost -- deutschsprachige Mailingliste fuer Medien- und Netzkultur # Info: majordomo@mikrolisten.de; msg: info rohrpost # kommerzielle Verwertung nur mit Erlaubnis der AutorInnen # Entsubskribieren: majordomo@mikrolisten.de, msg: unsubscribe rohrpost # Kontakt: owner-rohrpost@mikrolisten.de -- http://www.mikro.org/rohrpost