Salutations,
For anyone that has been in the dark, the I love you Virus has hit today taking out a large number of computers, get an update from your anti-virus people. Here is the info on it:
Name: VBS/LoveLet-A
Aliases: The Love Bug
Type: Visual Basic Script worm
Detection: Detected by Sophos Anti-Virus version 3.34 or later. An update (IDE file) is available for earlier versions from the Latest virus identities section.

This virus has been very widely reported in the wild.

Please note: We have updated the IDE for this virus to detect a minor variant that has also been seen in the wild.

Comments: This is a virus which tries to spread itself in several ways. Most commonly, it sends itself as an attachment to an email.

Infected emails have the subject line:


ILOVEYOU
The message text is:


kindly check the attached LOVELETTER coming from me.
The attachment is called LOVE-LETTER-FOR-YOU.TXT.vbs, which has a double-extension. Mailers which suppress well-known extensions such as .vbs may present this file as LOVE-LETTER-FOR-YOU.TXT, which appears more innocent.

Because the virus arrives in a VBS file, it requires the Windows Scripting Host (WSH) in order to work. If you disable WSH, the viral attachment will be rendered harmless.

The virus also drops an HTM file which can spread the virus, and a mIRC script which tries to distribute it.

The virus checks the Internet Explorer Download Directory for the presence of the file WinFAT32.exe. If that file does not exist the virus randomly picks one of four websites and changes the registry to set it as the Start Page for Internet Explorer. The websites point to an EXE file, WIN-BUGSFIX.exe, which is then downloaded and the registry is modified to run the file on reboot. This file is detected as Troj/LoveLet-A.

The Internet Explore Start Page is also set to blank.

The virus copies itself to two places in the system directory where they are executed each time the computer reboots.

The email component of the virus requires Microsoft Outlook to work. If you are using Outlook it will try to send itself to each entry in your Windows Address Book.

The virus also searches all local and networked drives for files that end with the extensions VBS, VBE, JS, JSE, CSS, WSH, SCT or HTA. These files are overwritten with the virus and their extension is renamed to .VBS.

Any JPG or JPEG files are also overwritten by the virus but have the extension .VBS added to the existing filename.

Any MP2 or MP3 files are overwritten by the virus but are also copied to a new file that has the .VBS extension added. The original files are set as hidden.

If the virus determines that mIRC is installed on the system it will drop a mIRC script that will send the virus on via mIRC.