VBS/LoveLetter copies itself to multiple locations on the computer using various file names. It modifies the startup configuration so that the worm runs each time Windows starts.
The worm can spread through an IRC channel. It can also spread by sending a copy of itself as an attachment to e-mail addresses that it finds in the Outlook address book. The sender appears as the Outlook address of the current user. The subject line, message body, and attachment name may resemble the following example:
Message body: kindly check the attached LOVELETTER coming from me.
Some VBS/LoveLetter variants may also perform actions such as:
Downloading and running files.
Infecting files so they are only recoverable from backups.
Deleting everything on the C drive.
Placing shortcuts with misleading icons on the desktop.
There may be no readily apparent indications of infection by VBS/LoveLetter. However, the following symptoms may appear unexpectedly on a computer infected by this worm: