This is an email worm that uses the recipient's Outlook address book to spread.
Subject: I LOVE YOU
Body: "kindly check the attached LOVELETTER coming from
me."
Emails infected with this worm conatains an attachment, LOVE-LETTER-FOR-YOU.TXT.vbs. Once executed it alters the Windows Scripting Host timeout to 0 to ensure its actions go undetected. The virus copies MSKERNEL32.vbs to the WINDOWS\SYSTEM directory along with WIN32dll.VBS to the Windows directory. The worm then attempts to find the MS Download directory and if there is not one present, it will simply use C:\. Next it checks the WINDOWS\SYSTEM directory for WINFAT32.EXE and if found, randomizes a number between 1 and 4 modifying Internet Explorer's start page to the page associated with the random number so it can download WIN-BUGFIX.EXE. After a successful download the trojan the worm changes the the user's MSIE start page to a blank page.
The worm also generates and HTML file and checks for MICR32.EXE or MLINK32.EXE and generates SCRIPT.INI which then attempts to send the virus.
This worm overwrites all files with the following extensions: .JSE, .CSS, .JS, .WSH, .SCT, and .HTA. Furthermore, it overates and adds .VBS to all .JPG, .JPEG, .MP2, and .MP3 files.
Command AntiVirus version 4.58.3 with deffiles dated May 4, 2000 or later will detect this worm, but in order to remove it you must manually delete the infected files.