| Answer» i ran a scan of pc today at work (all drives) & on the j drive symantec antivirus notification said i had VBS.LoveLetter.C(1) virus 6 times.  The long distance pc "support" said to unplug from the system which i did.  desktop support will try to help me tomorrow on work pc.   now i use 2 thumb drives on both my home & work pc---i'm scared to insert the thumb drives into my home pc in case there are infected files on them.  is it safe to run a norton antivirus scan on each thumb drive (e or f drives) from my home pc w/out infecting my home pc?  
 i thought VBS.LoveLetter.C(1) was an old virus from back around 2000 that current antivirus programs caught?  i input some personal bank account information earlier in the morning on my office pc---does VBS.LoveLetter.C(1)  virus able to retrieve that kind of information?  thanksMost modern day anti virus programs have what they call a "Real Time Scanning" function which is by default enabled. This catches and stops any viruses by files which are being actively accessed, i.e. ANYTHING on your flash drive that you open (if it is infected) will either be cleaned or quarantined, depending on your anti virus program settings. If you have no antivirus program, I would scan the flash drives on another computer first. There are so FAR 82 variants of this virus.
 Norton says this about the virus:
 
 
 This worm sends itself to email addresses in the Microsoft Outlook address book and also spreads to Internet chatrooms using mIRC. This worm overwrites files on local and remote drives, including files with the extensions .vbs, .vbe, .js, .jse, .css, .wsh, .SCT, .hta, .jpg, .jpeg, .wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .avi, .qt, .mpg, .mpeg, .cpp, .c, .h, .swd, .psd, .wri, .mp3, and .mp2.
 
 The contents of most of these files are replaced with the source code of the worm, destroying the original contents. The worm also appends the .vbs extension to each of these files. For example, image.jpg becomes image.jpg.vbs. However, files with .mp2 and .mp3 extensions are merely hidden and not destroyed. Norton SystemWorks users can recover these files if NProtect is running at the time of infection.
 
 VBS.LoveLetter also tries to download a password-stealing Trojan horse program from a Web site.
 
 
 
 Also Known As:  Lovebug, I-Worm.LoveLetter, VBS/LoveLetter.A, VBS/LoveLet-A
 
 Type:  Worm
 Infection Length:  10,307 bytes
 
 
 Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
 Systems Not Affected:  DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x
 
 
 Wild
 
 Number of infections: 0 - 49
 Number of sites: 3 - 9
 Geographical distribution: High
 Threat containment: Moderate
 Removal: Moderate
 Threat Metrics
 
 
 Wild:
 Low
 Damage:
 High
 Distribution:
 High
 
 
 
 Damage
 
 Payload Trigger: On execution of email attachment
 Payload: Overwriting files
 Large scale e-mailing: Sends itself to all addresses in the Microsoft Outlook Address Book
 Modifies files: Overwrites files with the following extensions: .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .mp3, and .mp2. Files with extensions of .mp2 and .mp3 will be hidden from the user by setting the hidden directory attribute. The overwritten files can be recovered if the user is running NProtect from Norton Systemworks or Norton Utilities at the time of infection. Variant G also overwrites .bat and .com files.
 Degrades performance: Might clog the email server
 Distribution
 
 Subject of email: ILOVEYOU
 Name of attachment: Love-letter-for-you.txt.vbs
 Size of attachment: 10,307 bytes
 Shared drives: Overwrites files located on network drives
 Target of infection: Overwrites files with the following extensions: .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .mp3, and .mp2. Files with .mp3 and .mp2 extensions will merely be hidden from the user's view and not actually destroyed. Variant G also overwrites .bat and .com files.
 
 When executed, the worm copies itself to the \Windows\System folder as both Mskernel32.vbs and LOVE-LETTER-FOR-YOU.TXT.vbs, and to the \Windows folder as Win32dll.vbs The worm checks for the presence of Winfat32.exe in the Windows\System folder.
 
 If the file does not exist, then the worm sets the Internet Explorer start page to a Web site with the Win-bugsfix.exe file. This Web site has been shut down.
 If the file does exist, the worm creates the following registry key:
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX
 
 and executes the file during system startup. The Internet Explorer start page is then replaced with a blank page.
 
 For each drive, including network drives, the virus attempts to infect files that have .vbs and .vbe extensions. The worm also searches for files with the extensions .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .mp3, and .mp2. When files with these extensions are found, the worm does the following:
 Overwrites all files having the extensions .js, .jse, .css, .wsh, .sct, .hta, .jpg, and .jpeg with VIRAL code. It then makes a copy of the file and adds the extension .vbs to the file name. For example, if the file is named House_pics.jpg, the overwritten file is named House_pics.jpg.vbs. The original file is then deleted. These files must be deleted and then restored from a backup.
 Creates copies of all files having the .mp3 and .mp2 extensions. It then overwrites the copy with viral code and adds the .vbs extension to the file name. Next it changes the attribute of the original .mp3 or .mp2 file to hidden. Because of this, the original copies of .mp3 and .mp2 files are still unaltered--though hidden--on the hard drive. The modified files should be deleted.
 
 CAUTION: Do not attempt to run files that have been overwritten or renamed by this worm. If you do, the worm is executed again.
 
 [highlight]You can download a removal tool here http://www.symantec.com/avcenter/fixlove.exe[/highlight]
 |