Sunday, March 7, 2010

GOSH! THERE ARE SO MANY VIRUS AND OF DIFFERENT NAMES THAT THE VIRUS CREATORS SEEMS TO RUN SHORT OF THE NAMES. “I LOVE YOU VIRUS” IS A STRANGE NAME USED BY ITS CREATOR. REQUESTED BY ONE OF OUR VIEWERS, HERE ARE THE STEPS TO REMOVE THE VIRUS.



BUT BEFORE DISCUSSING THE SOLUTION, LET’S SEE THE DETAILS OF THIS VIRUS. THE “I LOVE YOU” VIRUS ALSO KNOWN AS THE “LOVE” VIRUS AND SPREADS MAINLY VIA EMAILS. THE NAME IS BELIEVED TO ORIGINATE FROM THE SUBJECT OF THE MAILS BUT THERE HAVE BEEN SOME OTHER MODIFICATIONS IN THE NAME LIKE “MOTHER’S DAY” AND “JOKE” VIRUS.



THIS IS THE FORMAT OF THE E-MAIL THAT CONTAINS THIS VIRUS.

SENDER: SOMEONE A USER KNOW

SUBJECT: ILOVEYOU

BODY: KINDLY CHECK THE ATTACHED LOVELETTER COMING FROM ME.

ATTACHMENT: LOVE-LETTER-FOR-YOU.TXT.VBS



THE DEFAULT SETTINGS OF WINDOWS DON’T DISPLAY THE LAST EXTENSION AND THIS IS WHERE A USER THINKS THIS VIRUS AS A NORMAL TEXT DOCUMENT.



STEPS TO REMOVE LOVE VIRUS:



1. KILL ANY PROCESS CONTAINING “LOVE” FROM THE TASK MANAGER; ALSO REMOVE IT FROM THE COMPUTER’S STARTUP LIST (RUN MSCONFIG IN THE RUN BOX).



2. SEARCH YOUR HARD DISK FOR FOLLOWING ENTRIES:



LOVE-LETTER-FOR-YOU.TXT.VBS

LOVE-LETTER-FOR-YOU.HTM

MSKERNEL32.VBS

WIN32DLL.VBS

WIN-BUGSFIX.EXE



PERMANENTLY DELETE THE FILES FOUND FROM ABOVE SEARCH RESULT.



3. RUN REGEDIT IN THE RUN BOX AND DELETE THE FOLLOWING ENTRIES, IF ANY:



HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSKERNEL32

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\WIN 32DLL

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WIN-BUGSFIX HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINFAT32=WINFAT32.EXE



THIS WILL RESTORE THE SETTINGS BACK TO THE ORIGINAL AFTER REBOOTING THE COMPUTER.

4. YOU MAY ALSO LIKE TO CHANGE THE DEFAULT URL IN THE REGISTRY TO:

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE “HTTP://WWW.MSN.COM” OR ANY OF YOUR CHOICE.

0 comments:

Post a Comment