I got slammed with this today. About 29,000 people in my Exchange
organization, all sending this thing around.
Steve
Here is a "fix" that infosec put out:
Manual Clean Before Reboot:
In the Windows directory (C:\WINDOWS or C:\WINNT): delete the Win32DLL.vbs file
In the Windows System directory (e.g. C:\WINNT\SYSTEM32): delete the
MSKernel32.vbs file
in c:\Windows directory (e.g. WINNT) delete \SYSTEM32\LOVE-LETTER-FOR-YOU.TXT.vbs
in c:\Windows directory (e.g. WINNT) delete \SYSTEM32\LOVE-LETTER-FOR-YOU.HTM
In the Registry delete these keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL
Then reboot your system. Now the worm should no longer be active...
Manual Clean After Reboot:
In the Windows directory (C:\WINDOWS or C:\WINNT): delete the Win32DLL.vbs file
in c:\Windows directory (e.g. WINNT) delete \SYSTEM32\LOVE-LETTER-FOR-YOU.TXT.vbs
in c:\Windows directory (e.g. WINNT) delete \SYSTEM32\LOVE-LETTER-FOR-YOU.HTM
In the Registry delete these keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL
Then reboot your system.
Then in the Windows System directory (e.g. C:\WINNT\SYSTEM32): delete the
MSKernel32.vbs file
Now the worm should no longer be active...
Quoting Hugo Haesaert <hugo.haesaert@...>:
> Hi All !
>
> On telly news I saw a webpage that likened this virus to the clarissa
> virus. It is my understanding that if this is the case, only people
> that use Outlook Express or other MS mail software are concerned. ;^P
>
> True or false?
>
> Steve, I searched, but could not find:
>
> >start/settings/add new software/accessories
>
> More info would be welcome, I'm somewhat windoze-challenged at times
> ;-)
>
> Thanks.
>
>
> Keep 'em oscillating :)
>
>
> Hugo
> =
>
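
A read-only check for the files and registry entries named in the cleanup steps above, added here as an example and not part of the original messages. It assumes a host with PowerShell 3.0 or later, and it treats MSKernel32 and Win32DLL as value names under the Run and RunServices keys.

```powershell
# Reports which of the artifacts listed in the cleanup steps are present.
# Nothing is deleted or changed; run it before and after the manual clean.
$winDir = $env:SystemRoot                    # C:\WINDOWS or C:\WINNT
$sysDir = [Environment]::SystemDirectory     # the Windows System directory

$files = @(
    (Join-Path $winDir 'Win32DLL.vbs'),
    (Join-Path $sysDir 'MSKernel32.vbs'),
    (Join-Path $sysDir 'LOVE-LETTER-FOR-YOU.TXT.vbs'),
    (Join-Path $sysDir 'LOVE-LETTER-FOR-YOU.HTM')
)

# Assumption: the registry "keys" in the post are values under these two keys.
$runValues = @(
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'MSKernel32' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'; Name = 'Win32DLL' }
)

$findings = @()

foreach ($path in $files) {
    $findings += [pscustomobject]@{
        Type     = 'File'
        Location = $path
        Present  = (Test-Path -LiteralPath $path)
        Data     = $null
    }
}

foreach ($rv in $runValues) {
    $data = $null
    if (Test-Path -LiteralPath $rv.Key) {
        # A missing value raises an error; suppress it and treat as "not present".
        $item = Get-ItemProperty -LiteralPath $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
        if ($item) { $data = $item.($rv.Name) }
    }
    $findings += [pscustomobject]@{
        Type     = 'Registry'
        Location = '{0}\{1}' -f $rv.Key, $rv.Name
        Present  = ($null -ne $data)
        Data     = $data      # the command line the autostart entry would launch
    }
}

$findings | Format-Table -AutoSize -Wrap
$remaining = @($findings | Where-Object { $_.Present }).Count
"{0} of {1} listed artifacts still present" -f $remaining, $findings.Count
```

A count of 0 after the final reboot matches the "worm should no longer be active" state the steps aim for; it says nothing about copies the message may have left elsewhere.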