I woke up late, so I didn’t turn on the radio and hear the news of the latest virus. But on my computer at work, I was greeted with the friendly electronic message, “I LOVE YOU.”
I opened it. Can you blame me? Our office does not use Microsoft Corp.’s Outlook, so when I clicked on the attachment, “LOVE-LETTER-FOR-YOU.TXT.vbs,” it launched the Outlook setup Wizard; I promptly hit Cancel.
The next e-mail message was a colleague’s warning about the “I Love You Virus.” The note indicated the virus spreads to everyone in your Outlook address book. I keep my address book in Lotus Notes, so everything should be fine, right? Wrong.
When I launched Internet Explorer, my home page was changed from PC World.com to some scrambled link.
That’s when I started to worry.
Worm Infects Images, Music
I write about multimedia for PC World.com, so you can imagine my concern when I learned the virus attacks files on local and remote drives with extensions like .jpg and .mp3.
Our IS department told me to download Norton’s antivirus update. Easier said than done: Half of the e-mail-enabled world had the same plan. I barely got through to Symantec’s site and couldn’t get to the update, much less download it.
Meanwhile, I quizzed Microsoft about the vulnerability of Outlook. Viruses can attack any e-mail program through attachments, Microsoft representatives replied. They offer a downloadable security upgrade for Outlook 97, 98, and 2000. It forces you to save attachments to your hard drive, where your antivirus software can scan them before you open them.
Deleting Infected Files
A technical editor came to my aid. He, too, was unable to download the antivirus update but found instructions on how to manually remove the infected files.
According to Symantec, the e-mail virus, or worm, copies itself to the Windows System directory as MSKernel32.vbs, the Windows directory as Win32DLL.vbs, and the Windows System directory as LOVE-LETTER-FOR-YOU.TXT.vbs.
I deleted those .vbs files. Then I searched for all .vbs files and found the worm had infected more than 4,000 image and music files with VBS extensions. Praying I would still have something left on my hard drive, I selected them all and hit Delete. We all know backing up is good to do, and we don’t do it often enough. Let’s just say that a bad virus can change bad habits.
I followed Symantec’s next instruction to remove the registry key: HKLM\Software\Microsoft\Windows\CurrentVersion \Run\WIN-BUGSFIX. But when I searched the registry, I didn’t find a HKLM key. I decided to reboot.
Change Your Passwords
Crossing my fingers and envisioning hours of MP3 encoding to replace my digital music collection, I waited for Windows to restart. All went well. My files seem intact; I hadn’t removed the wrong Windows kernel files; and I reset my IE home page.
I’m still trying to get through to Symantec to download that Norton Update and really nip this bug. But my last attempt to get through to Symantec.com met with the message “Forbidden Access.”
Somehow, I don’t feel the love.
Crouch is a writer with San Francisco-based PC World.com.