Bitten by the love bug

I woke up late, so I didn’t turn on the radio and hear the news of the latest virus. But on my computer at work, I was greeted with the friendly electronic message, “I LOVE YOU.”

I opened it. Can you blame me? Our office does not use Microsoft Corp.’s Outlook, so when I clicked on the attachment, “LOVE-LETTER-FOR-YOU.TXT.vbs,” it launched the Outlook setup Wizard; I promptly hit Cancel.

The next e-mail message was a colleague’s warning about the “I Love You Virus.” The note indicated the virus spreads to everyone in your Outlook address book. I keep my address book in Lotus Notes, so everything should be fine, right? Wrong.

When I launched Internet Explorer, my home page was changed from PC World.com to some scrambled link.

That’s when I started to worry.

Worm Infects Images, Music

I write about multimedia for PC World.com, so you can imagine my concern when I learned the virus attacks files on local and remote drives with extensions like .jpg and .mp3.

Our IS department told me to download Norton’s antivirus update. Easier said than done: Half of the e-mail-enabled world had the same plan. I barely got through to Symantec’s site and couldn’t get to the update, much less download it.

Meanwhile, I quizzed Microsoft about the vulnerability of Outlook. Viruses can attack any e-mail program through attachments, Microsoft representatives replied. They offer a downloadable security upgrade for Outlook 97, 98, and 2000. It forces you to save attachments to your hard drive, where your antivirus software can scan them before you open them.

Deleting Infected Files

A technical editor came to my aid. He, too, was unable to download the antivirus update but found instructions on how to manually remove the infected files.

According to Symantec, the e-mail virus, or worm, copies itself to the Windows System directory as MSKernel32.vbs, the Windows directory as Win32DLL.vbs, and the Windows System directory as LOVE-LETTER-FOR-YOU.TXT.vbs.

I deleted those .vbs files. Then I searched for all .vbs files and found the worm had infected more than 4,000 image and music files with VBS extensions. Praying I would still have something left on my hard drive, I selected them all and hit Delete. We all know backing up is good to do, and we don’t do it often enough. Let’s just say that a bad virus can change bad habits.

I followed Symantec’s next instruction to remove the registry key: HKLM\Software\Microsoft\Windows\CurrentVersion \Run\WIN-BUGSFIX. But when I searched the registry, I didn’t find a HKLM key. I decided to reboot.

Change Your Passwords

Crossing my fingers and envisioning hours of MP3 encoding to replace my digital music collection, I waited for Windows to restart. All went well. My files seem intact; I hadn’t removed the wrong Windows kernel files; and I reset my IE home page.

I’m still trying to get through to Symantec to download that Norton Update and really nip this bug. But my last attempt to get through to Symantec.com met with the message “Forbidden Access.”

Somehow, I don’t feel the love.

Crouch is a writer with San Francisco-based PC World.com.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now