01-14-2002, 11:20 AM   #14
PonzSpyder
That’s not good. We had loveletter here as well and I had to restore most of our picture files from a backup. I hope jpg files are not important to your work or you may be in trouble. This virus copies itself into all drive letters it can find on the infected computer. It replaces JPG (picture files) and sometimes MP3s too.

Here is a link to information about this virus. Print out a copy of this webpage and give it to your IT guy and tell him that you found it. Even though you are deleting the virus on your computer, there may be copies on the network too that he should check, not to mention the registry edits he may need to do to get it off your system completely.

Quote:
This worm searches all drives connected to the host system and replaces the following files:

*.JPG
*.JPEG

with copies of itself and it adds the extension .VBS to the original filename. So PICT.JPG would be replaced with PICT.JPG.VBS and this would contain the worm.

The worm also overwrites the following files:

*.VBS
*.VBE
*.JS
*.JSE
*.CSS
*.WSH
*.SCT
*.HTA

with copies of itself and renames the files to *.VBS.

---quote continued...

This worm also has another trick up its sleeve in that it tries to download and install an executable file called WIN-BUGSFIX.EXE from the Internet. This exe file is a password stealing program that will email any cached passwords to the mail address MAILME@SUPER.NET.PH

__________________
PonzSpyder
a.k.a. Mr. Mojo Risin @ SysOpt
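Added example, not part of PonzSpyder's post or the quoted description: a read-only Python scan that walks a folder or share, finds files named the way the quote describes (PICT.JPG.VBS), and lists the original filenames to restore from backup. The function names and the sample tree are made up for illustration; MP3 is included because the post mentions it, while the quoted description only lists JPG and JPEG.

```python
import os
import tempfile

# Extensions that, per the post and the quoted description, get replaced by
# "<original name>.VBS". MP3 comes from the post, JPG/JPEG from the quote.
REPLACED_EXTS = {".jpg", ".jpeg", ".mp3"}

def find_replaced_files(root, replaced_exts=REPLACED_EXTS):
    """Walk root and return sorted (dropped_script_path, original_name,
    original_still_present) tuples for files named like PICT.JPG.VBS.
    Nothing is deleted or modified; this only reports."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            stem, last = os.path.splitext(name)      # "PICT.JPG", ".VBS"
            if last.lower() != ".vbs":
                continue
            inner = os.path.splitext(stem)[1].lower()  # ".jpg"
            if inner in replaced_exts:
                path = os.path.join(dirpath, name)
                hits.append((path, stem, stem.lower() in present))
    return sorted(hits)

def demo():
    """Scan a constructed tree of empty files (sample data, not real output)."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "photos")
        os.makedirs(sub)
        sample = ("PICT.JPG.VBS", "beach.jpeg.vbs", "song.mp3.vbs",
                  "intact.jpg", "logon.vbs", "notes.txt")
        for name in sample:
            open(os.path.join(sub, name), "w").close()
        found = find_replaced_files(root)
        return [(os.path.basename(p), orig, still) for p, orig, still in found]

if __name__ == "__main__":
    for script, original, still in demo():
        print(f"{script}: restore {original} from backup "
              f"(original still present: {still})")
```

This catches only the double-extension copies. The script files the quote says are overwritten and renamed to *.VBS cannot be told apart by name, so those still need an antivirus scan.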