From: "Dennis S. Wish" <dennis.wish(--nospam--at)gte.net>
Date: Thu, 4 May 2000 10:20:38 -0700
I was just watching CNBC Financial and they are not taking E-mail questions
as they normally do because of the "I Love You" Virus. It's starting to make
an impact on large businesses today.
If this "worm" (I believe it is a worm rather than a virus) does change a
registry setting then the best thing you can do is to restore the last
version of the registry backup that has been made. If you are running
Windows 98SE (the latest edition) then your system files back themselves up
once a day and keep up to five backup copies on your hard drive.
If you are using a product like Symantec's or Ontrack Fix-it you can use
these products to restore backup registry files. If you don't use them then
here is a fix you can use.
1. Close down your Windows session to MSDOS. Don't reboot if there is a
chance that your backup files will be overwritten by an infected registry
2. The two files you want to change are called System.Dat and User.Dat.
There should be a BAK file for each of these and you might want to note the
date on these files to see if they predate the virus message received. These
two files are located in the C:\windows directory (unless you call it
3. The files are write protected and hidden. You need to run the following
command at the DOS prompt:
attrib System.* -h -r <enter>
attrib User.* -h -r <enter> "This will unhide and unprotect the two files
you want to change - including their backup files"
DEL System.Dat <enter>
DEL User.DAT <enter>
copy System.BAK System.Dat <enter>
copy User.Bak User.Dat <enter>
"NOTE: this assumes that your BAcKup file is not corrupted. If it is, you
need to seach for the System and User files with an extension 001 through
005. Starting with the most current, rename each the System.00x and User.00x
(where x is a number 1 through 5) as noted above for the BAK files.
attrib System.* +h +r <enter>
attrib User.* +h +r <enter>
Before you reboot your system, Check your Autoexec.Bat and Config.Sys files
(along with the Win.INI and System.INI for any date changes that may have
occured in the last few days. If you suspect one of these files as having
changed, you may need to load them into Notepad.exe and look for the
IF AT ANY TIME YOU ARE UNCOMFORTABLE WITH THESE INSTRUCTIONS, HIRE A
CONSULTANT TO WORK ON YOUR SYSTEM RATHER THAN DOING THIS ON YOUR OWN. MAKE
SURE THAT WHOEVER YOU ALLOW TO TOUCH YOUR COMPUTERS KNOWS EXACTLY WHAT THEY
ARE DOING. IF IN DOUBT, DON'T HIRE THEM.
IF YOU ARE IN A MID OR LARGE OFFICE, YOUR SYSTEMS ANALYST SHOULD BE ABLE TO
Dennis S. Wish, PE
This will reinstate the
From: Jack_Creviston(--nospam--at)kawneer.com [mailto:Jack_Creviston(--nospam--at)kawneer.com]
Sent: Thursday, May 04, 2000 8:07 AM
Subject: off-subject: virus
Does anyone have the fix for the "I LOVE YOU" virus? Manual (changing the
registry yourself) or for Norton antivirus? The Symantec website is
clogged - I can't get anything from them. If so, can you email it to me