Love Letter's fallout continues

As PC users around the world struggle to clean up hard drives and networks, "I Love You" virus variants still lurk. How do you protect yourself from malicious mail that leaves its mark?

It's an old but true answer: Diligently update the virus definitions in your antivirus software, and stay wary of attachments to e-mail, antivirus vendors advise.

Still Fighting Variants

The Scan and Deliver service from Symantec welcomes submissions of suspicious files. The antivirus research center will check them for variants of the original VBS.LoveLetter.A.Virus, says Patrick Martin, product manager.

So far, most variants to the Love Letter bug involve simple changes to the subject line or spaces in the code, Martin says. "If they change enough of the Visual Basic script, you could look at it as a new worm."

To fight ongoing variants, Symantec's software checks for certain code that stays consistent in the worm's script, Martin says.

To be safe, Martin suggests you delete attachments with .vbs extensions and be cautious of those with one of the other five extensions in Windows scripting host: JS, JSE, VBE, WSF, and WSH. You can download the latest data definitions through Norton Antivirus LiveUpdate.

Update-Seekers Clog Sites

Logging on to update your definitions is sound advice, but not always easy. Antivirus vendors Symantec, Network Associates, Computer Associates, and others posted updates to detect the Love Letter bug. But getting through was a challenge. Symantec reports nearly 16 times the normal traffic to its LiveUpdate servers during the Love Bug's height of exposure.

You can also find the Norton update at Symantecstore.com and digitalriver.com/symantec. And other sites, including PC World.com, have posted several detection programs.

Network Associates has measured more than 1 million corporate downloads of its McAfee VirusScan since the Love Letter started circulating, says Gene Hodges, president and chief operating officer of Network Associates' McAfee division.

The virus-fighters aren't the only ones with clogged networks. The Love Letter bug shares its payload by infiltrating your Outlook address book and sending out more Love Letters. Consequently, victim companies find their e-mail servers clogged.

"A lot of sites have not yet completely recovered, and their e-mail gateways are still down," says Jeffrey Carpenter, senior Internet security technologist at the Computer Emergency Response Team (CERT) speaking Friday morning at Carnegie Mellon University. "They had so much mail to go through. Some places have had to reinstall the operating system because the resources spent recovering would have been more than rebuilding the machine."

The cost of recovery is running into tens of thousands of dollars at some locations, Carpenter adds. In some cases, damage is difficult to measure. One organization reports losing 40GB of JPEG files, Carpenter says.

Are Your JPEGs History?

If you didn't already have antivirus software in place when the Love Bug bit, some utilities can still help. Both CarbonMedia and Script Logic offer cleaning scripts that will try to remove the infected registry entries, .vbs files, and virus application files.

In addition to clogging e-mail networks, the Love Letter virus infects the graphics files with VBS extensions on your system. It destroys your JPEG files. However, MP3 and MP2 files fare better; they're still on the hard drive, just hidden in the directory, Symantec's Martin says. Those can be recovered fairly easily with utilities that restore deleted files.

Also, methods exist to try to recover JPEGs. InProtect can retrieve many of them, Martin says. The program is part of Norton Utilities, priced at $45 for Windows 95/98, and $89.95 for Windows NT.

Another option is EasyRecovery software from Ontrack. This $49 program also promises to help you recover any lost music and graphics files.

Back Up and Prepare

Once you've recovered, it's time to reassess your backup habits and take precautions.

Online storage services are an easy way to protect your crucial files from damage. SkyDesk is promoting a 30-day free trial. After that, it costs $99 yearly for 100MB of storage space on SkyDesk servers. Others, like I-drive.com and Driveway are free of charge.

Countless support sites and recovery services offer tools to better prepare for future attacks.

PCsupport.com, an online technical support service, sent warnings when the attacks began, says Bruce McDonald, PCsupport.com's vice president of operations. "We were able to pre-warn subscribers not to open [infected mail] and attached the proactive support as well as links to antivirus sites."

Adaptec is offering a free 30-day trial of its GoBack system recovery software. Normally priced at $69.95, GoBack tracks changes on your hard disk and maintains them in a queue, says Jean-Eric Garnier, Adaptec's director of marketing for productivity protection products.

"At any time, you can revert the hard disk to the way it was before you lost that document, were hit by that virus, or installed software," Garnier says.

Of course, if you didn't have GoBack when I Love You struck, it won't recover anything the bug destroyed. But it could help with the next hateful mail, even if it's disguised as a love note.

The IDG News Service contributed to this report.

For more PC news, visit PC World Online. Story copyright PC World Communications.