|
| Name: | I love you |
| Aliases: | VBS/LoveLet-A, VBS/LoveLet-B, LoveLetter, The Love Bug, fwd: Joke, Spammer, Price Quote, Susitikim, Love Bug, VBS/Contract, |
| Ports: | 25 |
| Files: | Wormfile.zip - 8,104 bytes Worm.zip - 9,096 bytes Win-bugsfix.zip - 7,976 bytes Love-letter-for-you.txt.vbs - 12,606 bytes Resume.txt.vbs - Love-letter-for-you.htm - Very funny.vbs - 9,933 bytes Mskernel32.vbs - Win32dll.vbs - Protect.vbs - Script.ini - Win-bugsfix.exe - Winfat32.exe - Hcheck.exe - - 8,814 bytes - 9,366 bytes - 9,615 bytes - 9,684 bytes - 9,774 bytes - 9,933 bytes - 9,962 bytes - 10,000 bytes - 10,074 bytes - 10,161 bytes - 10,172 bytes - 10,205 bytes - 10,221 bytes - 10,307 bytes - 10,315 bytes - 10,396 bytes - 10,521 bytes - 11,907 bytes - 12,174 bytes - 12,606 bytes |
| Created: | May 2000 |
| Requires: | N/A |
| Actions: | Worm / IRC Trojan / Mail trojan / Destructive trojan / Steals passwords |
| | The worms spread through mail or IRC. It will also try to destroy all files with the extensions .vbs, .vbe, .js, jse, .css, .wsh, .sct, .hta and jpg, jpeg, mp3 and mp2 files. May be updated from the Internet. |
| Versions: | A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, AJ, AS, BD, BG, BJ, BL, CA, |
| Registers: | HLM\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCAL_ MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ HCU \Software\Microsoft\Internet Explorer\Main\Start Page\ HCU\Software\Microsoft\Windows Scripting Host\Settings\Timeout HCU\Software\Microsoft\WAB\ |
| Notes: | Works on Windows, together with MS Outlook or Outlook Express, and mIRC. |
| Country: | written in the Philippines |
| Program: | Written in Visual Basic Script (VBS). |
 Using the Process Monitor from AATools, you will see whether any foreign
programs are running on your computer. If you find some unwanted program, you
can terminate it by clicking the 'Terminate Process' button on the Toolbar.
Using the AATools Network Monitor, you can see what ports are in use on
your local PC for connection with remote systems (LAN/Internet). On Windows
NT/2000/XP the Network Monitor will display you the services that are active on
the ports, and map the ports to their respective applications. If you register
port probes directed against ports that are normally not used, it is possible
that someone is trying to connect to a Trojan inside your network. Using the
Registry Cleaner (Startup section) from AATools, you will see
the list of programs that are registered under Run, RunOnce, RunOnceEx and
RunService registry keys. So you can find out what programs are started behind
your back. You should check these programs to see they are legitimate ones but
not Trojans programs.
0-C | D-H | I-N
| O-S | T-Z
If you have any questions or information about ports used by Trojans not
listed above, please contact us. |
