Love Letter Email Virus and How to Remove It

Love Letter email virus with subject line “My Love Letter for You” delivers ransomware and crypto mining malware through a JavaScript attachment.

Ransomware attacks are not uncommon in today’s cyber world. With billions of computers at work around the world, cyber criminals are often successful in finding the vulnerable ones.

The Love Letter email virus is an example of malware that causes extensive damage.

After its debut in 2000 as a worm released in the Philippines, variations of the “I LOVE YOU” campaign have continued to do the rounds.

In its most recent form, the email arrives with the subject line “My love letter for you,” and an attachment named

Dangerous Malware with Severe Consequences

The JavaScript file contained in the email attachment downloads and installs not one, but two malicious programs. The first, GandCrab 5.0.4, is a known form of ransomware which loses no time in encrypting and blocking files on the compromised system.

The second, XMRig Miner, is a cryptocurrency miner. XMRig Miner will set up its illicit crypto-mining activities in the background, but will often quickly utilize the full power of the infected system’s resources, slowing the machine and making it vulnerable to excessive wear and tear. XMRig Miner is known to mine for the digital currency Monero.

The JavaScript file, named Love_You_20918824-2019-txt.js, leads to suspicious processes such as 1119713827.exe, wincfg32scv.exe and 2987227227.exe running in the task manager.

Using a good anti-malware program to scan your computer for malware and remove any malicious content, including the Love Letter email virus, is considered the quickest way to solve this issue.

But that would mean first buying and installing the right anti-malware program.

If your system is infected, then either you don’t have an anti-malware program or the one you have has not done its duty.

Removing the malware manually does have its set of risks, but knowing how to do it can be helpful.

Manual Removal of GandCrab 5.0.4 and XMRig Miner Viruses:

1. Navigate to Task Manager.

2. Of the programs running on your system, select suspicious or unrecognized programs or applications and delete them.

3. Download Autoruns, a Windows program which shows auto-start programs and makes it easier to isolate malicious programs.

4. Restart your computer in Safe Mode.

a. For Windows 7: Press F8 repeatedly upon restarting until the Windows Advanced Option Menu appears. Select Safe Mode with Networking.

b. For Windows 8: Type advanced in the search panel, select settings. Select Advanced Startup Options, Advanced Startup and then Restart Now. Select Troubleshoot in the new menu that will appear after restarting. Click Advanced Options, Startup settings and then Restart. Your computer will restart displaying the Startup Settings Panel. Press F5 to select Safe Mode with Networking.

c. For Windows 10: Click on Restart in the Power Button menu while holding down shift. Select Troubleshoot, Advanced Options, Startup Settings and Restart. Press F5 in the Startup Settings menu.

5. Open and run the Autoruns executable downloaded in step 3.

6. Select Options and uncheck Hide Empty Locations and Hide Windows Entries.

7. Click Refresh.

8. Observe the programs remaining in the list and look for anything suspicious. Malicious files may be embedded within Windows programs, which can make deleting them risky.

However, subtle clues include a timestamp that is too recent to correspond with your purchase of the computer or any updates, or a description or publisher that does not correspond with other Windows programs.

If you find programs that you are 100% sure are malicious, take note of their full name and pathway before deleting.

9. Deleting the program in the Autoruns program ensures that it will not start automatically next time you boot up your computer, but does not remove it from your computer.

The next step is to enable hidden files and programs before searching for the malware using the full name and pathway noted from the previous step.

Once found, remove the program by right-clicking on the folder and selecting delete.

10. Finally, restart your computer in normal mode. Now is a good time to purchase a reputable anti-malware program and run a scan in order to check for any remaining malicious programs.
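
The checks from steps 2 and 8, as an added PowerShell example that is not part of the original article: it reports running processes and Run-key autostart entries that use the process names listed above or lack a valid publisher signature, and it deletes nothing. The 30-day recency threshold, the restriction to the two Run keys (Autoruns covers many more locations) and Windows PowerShell 5.1 or later are assumptions.

```powershell
# Added example: read-only triage. It reports findings and deletes nothing.
$ArticleNames = '1119713827', '2987227227', 'wincfg32scv'  # process names given in the article
$RecentDays   = 30  # assumption: what counts as a "too recent" timestamp

function Get-ImageFacts {
    param([string]$Source, [string]$Path)
    $fact = [pscustomobject]@{
        Source    = $Source
        Path      = $Path
        InArticle = $ArticleNames -contains [IO.Path]::GetFileNameWithoutExtension($Path)
        Signature = 'file not found'
        Recent    = $false
    }
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Publisher check: a status other than Valid means the publisher could not be verified.
        $fact.Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
        $created = (Get-Item -LiteralPath $Path -Force).CreationTime
        $fact.Recent = $created -gt (Get-Date).AddDays(-$RecentDays)
    }
    $fact
}

$facts = @()

# Step 2: running processes (run elevated so executable paths are visible).
foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $path = if ($p.ExecutablePath) { $p.ExecutablePath } else { $p.Name }
    $facts += Get-ImageFacts -Source "process PID $($p.ProcessId)" -Path $path
}

# Step 8: autostart entries in the per-machine and per-user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $cmd = "$($key.GetValue($name))".Trim()
        # Use the quoted path if present, otherwise the first token of the command line.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $facts += Get-ImageFacts -Source "autostart $k\$name" -Path $exe
    }
}

# Report entries named in the article or without a valid publisher signature.
$facts |
    Where-Object { $_.InArticle -or $_.Signature -notin 'Valid', 'file not found' } |
    Sort-Object Source, Path -Unique |
    Format-Table Source, Path, InArticle, Signature, Recent -AutoSize -Wrap
```

Legitimate unsigned software also appears in this output, so treat each row as a candidate to check against the full name and path, as step 8 describes.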

Prevention Better Than Cure

If your computer is secure from day one, and you avoid opening suspicious emails and attachments, there is every likelihood that you can keep any tough hacker away.

Suffering a cyberattack and then carrying out damage control is not the best solution for you or your machine.

There should be no doubt in your mind that the cost involved in buying and installing a good anti-malware program is much less than the cost that you may end up paying if your system gets infected.
