Recovery From Love (Bug) Sickness

SAN FRANCISCO (05/08/2000) - Still fighting the Love Bug? Business is busy for antivirus and file-recovery tool vendors, which offer a selection of wares to help restore your system to its old self.

Now available from Symantec AntiVirus Research Center, fixlove.exe is a free tool to repair the Windows registry and Internet Explorer settings damaged by VBS.LoveLetter.A.worm and its variants. For US$49, EasyRecovery for VBS.LoveLetter Worm from Ontrack Data can help recover lost image and music files. Both tools are to be used only after you've cleaned your system with updated antivirus software.

"After you scan and delete infected files, the fix tool spends most of its time fixing registry settings," says Patrick Martin, a Symantec Corp. product manager.

The so-called Love Bug, or Love Letter virus, traveled by e-mail identifiable by the subject header "ILOVE YOU." The virus propagated by relaunching itself continuously to another group of victims, drawing names from address books maintained by Microsoft Corp.'s Outlook.

A poll distributed by Angus Reid Group and Symantec finds 26 percent of those with Internet access at work say their companies were exposed to the Love Letter virus. Only 3 percent of those with computers at home reported problems.

The Love Letter worm creates a registry key for each system it enters through e-mail, Martin says. "We go in and delete those excess registry keys."

Fixlove.exe resets your home page to Symantec and uncovers hidden MP3 and MP2 files, Martin says. But it doesn't recover deleted image files.

You can do everything fixlove.exe does manually, but unless you're experienced with registry keys and hidden files, it's best to use the tool, Martin says.

In Search of Image Files

Part of Norton System Works, Nprotection can recover your lost JPEGs, provided it was running when you were attacked, Martin says.

If you didn't have that foresight, Ontrack's EasyRecovery offers extensive file recovery. It extracts JPEG, JPG, MP3, and MP2 files to a path you select, and restores them with numerical names but appropriate file extensions.

It's difficult to recover images eaten by the Love Letter worm, says Jim Reinert, director of software products at Ontrack. The virus leaves a copy of the original JPEG in free space area of your hard drive, which is not normally accessible, he adds.

EasyRecovery searches, finds, and identifies blocks of data as JPEG files, Reinert says. "It uses signature matching to bring back pieces."

A Real-Life Bug Recovery

An early victim of the Love Bug myself, I tried EasyRecovery to recover lost JPEGs. (I'd already purged my system of the worm but lost a number of multimedia files in the experience.) The software unzips to a floppy disk with instructions to insert the disk and reboot your Windows system. Upon reboot, the utility tells you to choose to recover JPEG or MP3 files, or quit.

I chose JPEG and soon saw a ticker that read 250 files recovered. I only had a handful of JPEGs on my machine so, concerned, I hit quit and restarted.

It turns out EasyRecovery works a little too well. I didn't specify the volume from which it should recover files, and I ended up with a hard disk filled with countless images that I've never seen. They're probably from PC World colleagues on the network. EasyRecovery recovered JPEGs from all over.

Beware Virus Disguised as Cure

Despite the array of worm fixes circulating the Internet, experts suggest you continue to be wary. Especially insidious are e-mail messages that claim to be a fix. It might be the Love Bug with a new lease on life.

Symantec reports several strains of the Love Bug are posing as technical support from antivirus services. One version lists Symantec as the return address and bears the subject line "Virus ALERT!!!" The attached file, "Protect.vbs," is a variation of the worm. Another strain poses as a McAfee alert in a similar manner.

Despite antivirus updates and Love Bug recovery tools, the Love Letter virus is still costing money. Computer Economics estimates damages have reached $4.74 billion in the four days since the ILOVE YOU worm first wiggled its way across the Internet. And that doesn't include weekend havoc from the many variants.

E-mail viruses or worms are likely to continue popping up. Experts advise you to be careful of attachments from unknown sources and to keep your antivirus software up to date.

And back up your data, Reinert says. For $7 monthly, Ontrack's Rapid Recall product will back up 100MB onto a server, he says.

Join the newsletter!

Error: Please check your email address.

More about Angus Reid GroupMcAfee AustraliaMicrosoftSymantec

Show Comments

Market Place