This is a VBS Internet worm based on the “LoveLetter” worm. The worm spreads
To send infected messages, the worm uses MS Outlook and sends its copies to
The worm also sends its copy to the IRC channel. To do that, it overwrites the SCRIPT.INI
and leaves that conference.
The worm also creates its copy COOL_NOTEPAD_DEMO.TXT.vbs in the Windows system
where FileName is the full name of the worm copy in the Windows system directory.
The worm has a side effect. It hides all icons on the Desktop by a Registry key:
|Find out the statistics of the threats spreading in your region|