Aliases: VBS.Loveletter.Var
Variants: W32/STAYRINA

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Europe
Removal: Easy
Platform: W32
Discovered: 04 Sep 2002
Damage: Low

Characteristics: This is a mass-mailing application. The worm tries to send itself to all the addresses in the Microsoft Outlook Address Book. The subject of the email message is "THE MOST BEATIFULL EYES EVER!!!" and there is no attachment. It creates a Visual Basic script. When this script is executed, it attempts to set itself to run every time Windows starts by making changes to the registry of the computer.

More details about W32.Stayrina

According to sources, this worm application is capable of allowing a remote user to access the affected computer. This is done through a backdoor on the affected computer. The remote user can send commands to the worm application on the affected computer. These commands may include spreading threats to other systems and uploading and downloading unwanted files. The W32.Stayrina program is said to be difficult to detect and remove from the affected computer. It attempts to terminate the running processes of anti-malware applications that are protecting the computer. Without an anti-malware application protecting it, the system becomes more vulnerable to infection by other malware. A computer that is infected with this worm application may shut down or restart by itself. This is because the worm application is capable of disabling the entire system.

This virus affects Windows XP, Windows 2000, Windows NT, Windows 95, Windows Me, and Windows 98. When the W32.Stayrina program runs, it copies itself. It also adds a value to a registry key. It tries to email itself to the addresses in the Microsoft Outlook Address Book. However, this falls short and the message carries no attachment. The Visual Basic script records each email address to which it sends the message as a value under the registry key. It does this to make sure that it does not send itself to the same email address more than once.