![]() Irc channel it dcc's itself to all the other usersī) Overwrites any. ![]() Now it has a look around all the drives on the machine (local drives I think) as does the followingĪ) If it find mirc, edits it's ini file so when you next log onto an *all* the entries in it and emailing then an email with the subject line "ILOVEYOU" and the worm as an attachment. ![]() Now it does to old trick of openning the Outlook address book, grabbing This basically contains the worm itself set to run when the page is Next, it generates the file WINNT/SYSTEM32/LOVE-LETTER-FOR-YOU.HTM exe to be run at next boot and resets i.e home page to about:blank (blank page) It sets internet explorers start page to download a file called WIN-BUGSFIX.exe from one of 4 places (randomly chosen) on It then checks to see it this file has been downloaded (i.e. It then checks to see it /WINNT/SYSTEM32/WInFAT32.exe exists - if it does if it is it remembers that value, otherwise it uses c:\ instead. Next it checks to see if ie download directory is set in the registry Which will run the script again on the next boot of the computer ![]() HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\C u rrentVersion\RunServices\Win32DLL HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\C u rrentVersion\Run\MSKernel32 It then copies itself to WINNT/SYSTEM32/MSKernel32.vbs HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout It spreads by two methods, irc and email. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |