Virus ILOVEYOU Disinfection

Alejandro.Carrion at bcl.jcyl.es Alejandro.Carrion at bcl.jcyl.es
Thu May 4 13:30:25 EDT 2000 

I forward a message about virus ILOVEYOU disinfection.

Hope this is useful.

>============================================================
>Here is my means of removing the virus, and it seems to stop the problem:
>
>  DISCLAIMER: I don't guarantee this will work on your computer. Also, you
>need to edit the registry, which is not for the faint of heart.
>
>  1. If Outlook is running, turn it off now! There is still a chance that
>the messages in your Outbox were not sent yet. Unplug your network
>adapter/modem to ensure that you cannot accidentally connect, open Outlook
>again, and delete all entries from your Outbox.
>
>  2. Close Outlook.
>
>  3. Run regedit.exe (Click Start->Run, enter 'regedit' and click OK).
>
>  4. Go to HKEY_CURRENT_USER->Software->Microsoft->Windows Script
>Host->Settings. If there is an entry for Timeout, delete it. I did not
>have this, but the source code looks like it may exist.
>
>  5. Go to HKEY_CURRENT_USER->Software->Microsoft->Internet Explorer->Main.
>Scroll down until you see an entry for Start Page. Double click on it, and
>edit it so it reflects the correct start page (Ideally slashdot.org or
>thepope.org :) ).
>
>  6. Go to
>HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run.
>Delete the entry for MSKernel32.
>
>  7. Go to
>HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->RunServices.
>  Delete the entry for Win32DLL.
>
>  8. Open Windows Explorer (Start->Programs->Windows Explorer). Go to
>c:\windows\system (or c:\winnt\system32) and delete MSKernel32.vbs,
>LOVE-LETTER-FOR-YOU.HTM, and LOVE-LETTER-FOR-YOU.TXT.vbs. Also, delete
>Wind32DLL.vbs from the Windows directory.
>
>  9. This is the most painful part. This virus replaces every file with the
>following file extensions: vbs, vbe, js, jse, css, wsh, sct, hta, jpg,
>jpeg, mp3, mp2. You can't get the files back, but you can at least delete
>them pretty easily. Do a search for all files with the .vbs extension
>(Start->Find and enter '*.vbs' in the Named field, then click Find Now).
>Select all of the results, and hit delete.
>
>  10. Go to your room without dinner. You should know better than to run
>files like this. Optionally, you may avoid any punishment by purchasing an
>indulgence.
>
>  This is my rough draft. I'll continue to take looks at it, and if anyone
>has any other information, feel free to email me (kurt at thepope.org) and I
>will try to integrate it into this page.
>
>  -Kurt
>============================================================

___________________________________________________________________________

    Alejandro Carrion Gutiez          Tfno.   34-983-358599
    Biblioteca de Castilla y Leon     Fax     34-983-359040
    Plaza de la Trinidad, 2           e-mail  Alejandro.Carrion at bcl.jcyl.es
    47003 Valladolid                  http://www.bcl.jcyl.es
    (España)                          http://la-biblioteca.org
___________________________________________________________________________

More information about the Web4lib mailing list