valentinecard.exe - Dangerous

valentinecard.exe

Manual removal instructions:

Antivirus Report of valentinecard.exe:
valentinecard.exe Malware
valentinecard.exeDangerous
valentinecard.exeHigh Risk
valentinecard.exe
I-Worm.Valcard

This worm spreads via Internet as files attached to infected messages.
Sends infected messages to all address from MS Outlook Address Book.
Infected messages have the following characteristics:

Attachment: ValentineCard.exe
Header is one of the following strings:
Secret Admirer
Somebody Loves You
Romance from Afar
Love at first sight
...when sleepers wake and yet still dream...
Be Mine ?!
Yours Always
Happy Valentines
From Me To You
Thy eternal summer shall not fade
I can express no kinder sign of love, than this kind kiss
Poetry is an echo, asking a shadow to dance
O, beauty, till now I never knew thee!
Romantic gesture
Good night, sweet prince, and flights of angels sing thee to thy rest

Body is one of the following texts:
Happy Valentines
I hope you like the card I've attached,
even if you don't feel the same.

Febuary Feelings
It's that time of year again.
But I'm still only sedning a card to you.
Happy Valentines
I hope you like the card I've attached,
even if you don't feel the same.

Hi
I feel like a child sending you this card
but I just had to do it.
Happy Valentines
I hope you like the card I've attached,
even if you don't feel the same.

...and every breath I ever took,
every tear I ever wept,
Every star I wished upon,
Seemed nothing until now.
Happy Valentines
I hope you like the card I've attached,

In this life we cannot do great things.
We can only do small things with great love.
Happy Valentines
I hope you like the card I've attached,
even if you don't feel the same.

Copies itself as "ValentineCard.exe" and adds the value:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run 14th = %SystemDir%\ValentineCard.exe

The worm writes the flag into the registry
HKLM\Software\Microsoft\Windows\CurrentVersion Valentine = true
that mean the system was infected.

The worm code has a bug so it does the following:
Creates the file "C:\evil.jpg" with WAV content and opens it. But system not plays the WAV file.
If you will rename this file with WAV extension, you will hear: "Somebody loves you".

Worm also must open the window (but it's not) with the message:
I Love You !

On thursday worm reboots the Windows.
Remove this worm by RegRun Startup Optimizer.

Remove valentinecard.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.