[Review] What Is the ILOVEYOU Virus & Tips to Avoid Virus

The latter file extension of the attachment “vbs”, a type of interpreted file, was most often hidden by default on Windows computers of the time since it’s an extension for a file type that is known by Windows. Therefore, it made the unwitting users think that it was a normal text file.

What Did the ILOVEYOU Virus Do?

On the machine system level, ILOVEYOU exe relied on the enabled scripting engine system setting (which runs scripting language files such as .vbs files) and took advantage of the feature in Windows that hides file extension by default, which malware authors would use as a flaw.

Windows would parse file names from right to left, stop at the first period character, and show only those elements to the left of this. The virus file, having two periods in its name, could display the inner fake txt file extension. Real txt files are considered to be secure for they can’t run executable code. 

ILOVEYOU virus made use of social engineering to entice people to open the attachment file to ensure continued propagation. System weaknesses in the design of Microsoft Windows and Outlook were exploited that enables malicious code to be able to access the operating system (OS), system & user data, and secondary storage by recipients clicking on an icon without knowing the risk.

However, to open the attachment will activate the visual basic script. ILOVEYOU virus causes damages on local computers. It searches connected drives and replaces files with extensions .doc, .jpg, .jpeg, .mp3, .mp2, .css, .js, .jse, .vbs, .vbe, .wsh, .sct, and .hta with copies of itself while appending the additional file extension .vbs, making infected computers unbootable. Yet, MP3s and other audio-related files would be hidden instead of overwritten.

How Did ILOVEYOU Virus Spread?

The virus propagates itself by sending a copy of the payload to all addresses in the Windows Address Book used by Microsoft Outlook. It also downloads the Barok trojan renamed for the occasion as “WIN-BUGSFIX.EXE”.

Messages generated in the Philippines began to spread westwards via corporate email systems.

Since ILOVEYOU malware uses the mailing lists as its target source, the emails usually appear to come from acquaintances. Thus, receivers tend to regard them as “safe” and open them without delay. Therefore, a few people accessing the attachment will finally lead to millions of copies that can cripple email systems and destroy millions of files on computers in each successive network.

This allows the ILOVEYOU virus to spread much faster than any other email worm. It was born in the Pandacan neighborhood of Manila in the Philippines on May 4th (Thursday), 2000. The following daybreak, as employees began their daily work, the virus was spread first to Hong Kong, then Europe, and finally the United States.

ILOVEYOU Virus Effects

The infection of ILOVEYOU was later estimated to have caused US$10 billion financial loss worldwide and to cost US$ 10 – 15 million to remove the virus. Over 10 days, more than 55 million infections had been reported. It is estimated that 10% of Internet-connected computers in the world had been affected.

The cited ILOVEYOU virus damage was mostly the time and effort paid to handle infection and recover files from backups. In order to protect themselves and stop the ILOVEYOU virus, the British Parliament, The Pentagon, CIA, and most other large companies decided to completely shut down their mail systems.

At the time, the email malware attack was one of the world’s most destructive computer-related disasters ever. It also inspired the song “E-mail” on the Pet Shop Boy’s UK top-10 album of 2002, Release, whose lyrics play thematically on the human desires which enabled the mass destruction of this computer infection.

What Is a Trojan Virus? How to Perform Trojan Virus Removal?

What is a Trojan virus? What does a Trojan virus do? How to remove the Trojan virus from your computer? This post shows you the answers.

Read More

Who Created the ILOVEYOU Virus?

ILOVEYOU virus creator is Onel de Guzman, who was then a poor 24-year-old college student in Manila, Philippines and struggling to pay for Internet access. He created the worm to steal other users’ passwords so that he could log in to their Internet accounts without paying.

ILOVEYOU virus adopted the same principles that de Guzman had written in his undergraduate thesis at AMA Computer College. Onel said that ILOVEYOU was very easy to create thanks to a bug in Windows 95 that would run code in email attachments when the user clicked on them.

Originally, the ILOVEYOU virus was only designed to work in Manila. Later, Onel de Guzman removed the geographic restriction out of curiosity, which enabled the malware to spread worldwide. However, de Guzman didn’t mean that. Onel de Guzman justified his behavior on his belief that Internet access is a human right and he wasn’t actually stealing.

Since there were no laws in the Philippines against creating malware then, the Philippine Congress enacted Republic Act No. 8792, also known as the E-Commerce Law, to discourage future malware events in July 2000.

What Language Was the ILOVEYOU Worm Written In?

The attached ILOVEYOU file was written in Microsoft Visual Basic Scripting (VBS) that runs in Outlook and was enabled by default. The script adds Windows Registry data for automatic startup on system boot.

The fact that the ILOVEYOU virus was written in VBS provided users a way to modify it. A user can easily modify the malware to replace important files in the system and destroy the OS. This enables over 25 ILOVEYOU variants to spread across the Internet with each one doing different kinds of damage.

Most variants had to do with what file extensions were affected by the virus. Others just simply modified the email subject to make it targeted towards a specific audience, such as the variation “BabyPic” for adults and “Cartolina”/ “Postcard” in Italian. Some others only modified the credits to the author that were originally included in the standard version of the virus; they remove the author credits completely or reference false authors.

How to Remove ILOVEYOU Virus?

If a user hasn’t opened the attachment of the love letter and has been infected by the virus, he can remove the virus by simply finding and deleting the virus files on his computer and completely delete them from his machine.

• Search for “*.vbs” files on your hard drives and delete all of them.
• Search for “LOVE-LETTER-FOR-YOU.HTM” file found in the Windows system directory and delete it.
• Search for “WIN-BUGSFIX.EXE” and “WINFAT32.EXE” found in the Internet Explorer download directory and delete them.

Don’t forget to empty your Recycle Bin after deleting all those files and restart your computer.

How to Avoid Data Loss Caused by ILOVEYOU or Similar Virus?

Though it has been over 20 years since the ILOVEYOU virus infection, it is still necessary to know how to protect yourself from losing data once been attacked by similar viruses in the future. Then, what are the suggestions?

Tip 1. Be Cautious to Open Email Attachments

Never download and open files coming from strangers, as well as click the links included in the message. Even for acquaintances or friends, if they send you an attachment without your expectation, don’t hurry to open it before confirmation. You can reply with an email or call him to ask that whether he sends you the file with attention or not. If he does attach the file, you can open it; if not, delete the mail completely and have a virus scan for your whole computer.

Tip 2. Make Full Use of Your Firewall and Security Programs

Computer OS itself is equipped with a firewall to stop viruses, malware, worms, trojans, spyware, ransomware, adware, etc. from entering into your machine.

However, some cunning viruses can successfully bypass the firewall by cheating. Then, you should rely on security tools to fight against those viruses. Commonly, you need to scan over your computer for malicious files and delete them once and for all. Anti-virus software can also help you monitor your machine in case of unexpected attacks.

How Can You Fix Failed Virus Detected Error in Google Chrome?

What should you do if you download a file from Google Chrome but get the error “failed virus detected”? Here is how to easily remove it.

Read More

Tip 3. Frequently Back up Import Files

Just as mentioned in the above content, if you have a backup copy of your vital files, you are able to recover them after virus infection. Therefore, creating a backup of crucial items is of great importance.

Then, how to make a backup of important files? For Windows users, you can back up your system by Backup and Restore and copy your files via File History (for Windows 10/11). Yet, both Windows built-in programs can’t establish more advanced scheduled backups based on your own situations. So, you may need to rely on a professional and reliable backup application like MiniTool ShadowMaker.

Click to Tweet

MiniTool ShadowMaker is powerful and secure tool that can back up files/fodders, photos/images/pictures/graphics, music/songs/audio files, videos/movies, etc. It can also back up the system, hard disks, and partitions/volumes. To use it, first of all, you need to download and install it on your computer. Then, follow the below guide to create a copy of your important files in case of cyber attacks caused by malware like the ILOVEYOU virus.

MiniTool ShadowMaker TrialClick to Download100%Clean & Safe

Step 1. Launch MiniTool ShadowMaker and click Keep Trial when it asks you for purchase.

Step 2. When it comes to its main interface, click the Backup tab on the top menu.

Step 3. In the Backup tab, click the Source option on the left to select the files you want to back up.

Step 4. Click the Destination option on the right to choose a place to store the backup image. It is recommended to pick up an external storage space such as a USB flash drive.

Step 5. Click the Schedule button on the lower left, switch on the schedule settings in the bottom left of the pop-up window, and set up a backup schedule that suits your needs.

Step 6. Finally, click Back up Now in the Backup tab.

Wait until the backup process finishes. Then, you have successfully created scheduled protection for your important data. MiniTool ShadowMaker will carry out the same task automatically in the future based on the schedule you specify.

Thank you for spending your time reading through this article. I believe that you have a deep understanding of the ILOVEYOU virus and know how to deal with similar viruses in the future. Anyhow, if you have any opinion on this topic or similar themes, feel free to discuss them below. Or, if you encounter any problem using MiniTool ShadowMaker, just contact us at [email protected].

What Is a Polymorphic Virus and How to Prevent It?

Your computer could be infected with a polymorphic virus and then you may suffer from data loss, so how to prevent it? Read this post to find the answer.

Read More

ILOVEYOU Virus FAQ