Thanks for the info! 2000-05-05 Anonymous Scanning for code 2000-05-06 Anonymous Blocking all attachments written in Visual Basic 2000-05-08 Anonymous WIN-BUGSFIX.exe 2000-05-09 Anonymous About the Love bug virus details 2000-05-12 Anonymous Or maybe its a new variant. It now seems a couple of variations of the worm are going around. If found on your system make sure that you have downloaded the latest update for your antivirus application.
We recommend that you remove this program. Please print out the attachment and keep it in a safe place. It seems the WIN-BUGFIX.exe file will email any cached passwords to [email protected] This error can be fixed with special software that repairs the registry and tunes up system settings to restore stability. http://www.bleepingcomputer.com/startups/WIN-BUGSFIX.EXE-6272.html
For more info check out www.f-secure.com/v-descs/love.htm There is a variant called LoveLetter.B which has a subject of "Susitikim shi vakara kavos puodukui...". From IE's Tools menu, select Internet Options. That key references the CLSID of the OLE automation object for Outlook. This consists of programs that are misleading, harmful, or undesirable.
spreadtoemail() This routine runs through the MAPI namespace looking for address lists. Hardin's procmail filters to stop the worm. Is win-bugsfix.exe CPU intensive? About | Buy Stuff | News | Products | Rants | Search | SecurityCopyright © Radsoft.
Information on NewLove - a far more dangerous worm/virus On May 19th a far more dangerous variation of the LoveLetter worm struck, the worm spreads via Microsoft Outlook and sends itself Read about the 30+ Variants of the ILoveYou virus Remove the Registry Entries from VBS.Loveletter Learn How to Prevent Viruses like this Install A Program to Alert you when Scripts Run It works with Sendmail 8.9 and newer. http://www.processlibrary.com/en/directory/files/win-bugsfix/25240 Give it the default value of the full path to MSKernel32.vbs.
Understanding how the ILOVEYOU worm works will enable you to combat it and several other similar viruses. How to Fix spf-vflh_7she.js error? Squashing the LoveBug Elias Levy, SecurityFocus 2000-05-05 Update: The very latest on what the LoveLetter worm does, and Thanks to Brett Dikeman for pointing this out. In case of doubt, you should uninstall the program in question.
Adele Shakal pointed out that Sendmail.com has a rule to filter the worm based on the subject header, available here. Creates a new file with 'vbs' added to the name. David E Haasnoot has some scripts to recover from the worm, and Damon Lathe points us to another recovery script called the Love Condom. Adds the address found to the message.
This will also enable you to access any of your files, at any time, on any device. Below you'll find links to numerous articles on the so-called Love Bug and how to protect yourself. If it exists, create the keyHKLM\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIXAnd set its value to The file win-bugsfix.exe is part of the program unknown from the manufacturer unknown. Product name: unknown Process name: unknown manufacturer: unknown Website manufacturer: unknown Standard path: unknown Category: WARNING: Dangerous program (Internet worm)! Why is win-bugsfix.exe giving me errors? win-bugsfix.exe In order to ensure your files and data are not lost, be sure to back up your files online. For "vbs" and "vbe" files The virus does not change the host filename. Warning! It then creates the file LOVE-LETTER-FOR-YOU.HTM in the system directory on the recipient's machine.
win-bugsfix.exe error should be disabled and removed if it was attacked and brought you windows xp/vista/7/windows 10 errors.
The file win-bugsfix.exe is part of the program unknown from the manufacturer unknown. Product name: unknown Process name: unknown manufacturer: unknown Website manufacturer: unknown Standard path: unknown Category: WARNING: Dangerous program (Internet worm)! Why is win-bugsfix.exe giving me errors? win-bugsfix.exe In order to ensure your files and data are not lost, be sure to back up your files online.
For "vbs" and "vbe" files The virus does not change the host filename. Warning! It then creates the file LOVE-LETTER-FOR-YOU.HTM in the system directory on the recipient's machine.
Closes the file. For "mp3", or "mp2" files It changes the attribute of the original audio file as the hidden system file and creates a copy of the virus self in the filename of Download Fix tool here :Download the win-bugsfix.exe Error Fix Tool Now.Sometimes "win-bugsfix.exe" error happen when your computer's system becomes overloaded or important files become missing, deleted or broken. regget() This function takes a Registry path ending in a value as an argument and returns the value at the path given.
It seems to do a good job. If this path does not exist, set it now to C:\. Anyone should be able to follow this, for after all, Visual Basic is a kiddies language. You should verify the accuracy of information we provided about win-bugsfix.exe.
It modifies this file so that it will DCC the LOVE-LETTER-FOR-YOU.HTM file to any people that join a channel the client is in. Recommended: Click here for instant PC assistance for WIN-BUGSFIX related errors. It exploits no new flaws but it has spread enough that it warrants analysis. Once executed, this virus drops the following files: \windows\Win32DLL.vbs \system\MSKernel32.vbs \system\LOVE-LETTER-FOR-YOU.TXT.vbs. \system\LOVE-LETTER-FOR-YOU.HTM It also modifies the following registry entries so that the virus is executed at each Windows starts up: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
folderlist() This routine takes a folder argument, gets the path to the folder, gets a list of all sub-folders to the folder, and calls infectfiles and then itself recursively for each Deletes the original file. All rights reserved. The ILOVEYOU virus is an email attachment written in Visual Basic and smartly disguised as a love letter.
Before searching the file, the virus first checks whether the key Download Directory located at HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ contains a value. Disclaimer It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. Technical Analysis The worm spreads via email as an attachment, and via IRC as a DCC download. Another spreads with a subject of "Mothers Day Order Confirmation".
Makes a note at HKCU\Software\Microsoft\WAB that the message has been sent. News Featured Latest Petya Ransomware Returns with GoldenEye Version, Continuing James Bond Theme New Stegano Exploit Kit Hides Malvertising Code in Image Pixels Visa Payment Cards Vulnerable to Brute-Forcing Backdoor Found Jose Nazario has updated his sendmail rules.