Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
Sent by email.
VBS.LoveLetter spreads over Windows email program, using all Outlook saved addresses. It only affects email systems with active contents.
The virus makes a registry entry for skipping this step at further calls:
Then, the virus checks for the following key:
If the key is found, the virus tries to download a program, if not yet available, from one of the three FTP servers 18.104.22.168/hcheck.exe; alw.nih.gov/incoming/hcheck.exe; archive.egr.msu.edu/incoming/hcheck.exe and runs it. This file, a password stealer program, is no longer available on the servers. Then it sends the selected file, included in the above registry entry, to the following email addresses: email@example.com; firstname.lastname@example.org; email@example.com. It also saves a copy of the file in CP_21863.NLS file in Windows system directory.
Description inserted by Crony Walker on Tuesday, June 15, 2004