Ok, this thing is pretty nasty... Here is a quick summary of what it does. Should you run it, you will lose any files of the following extensions. They will be renamed to filename.extension.vbs with a fresh copy of the replication part. File extensions affected: vbs,vbe,js,jse,css,wsh,sct,hta,jpg,jpeg,mp2,mp3. Every file with that extension is overwritten with the virus. It looks to be localized to mounted hard drives. It does not appear to affect mapped network drives. It also makes a dozen or so registry entries including one to reset your start page to the following URL. http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwer... I have not gone to this URL yet to see what it is, but it downloads a copy of a file called WIN-BUGSFIX.exe. In addition, it creates a MIRC script called script.ini to DCC SEND this to whatever channel you are on. Of course it sends it to everyone in your address book with the subject ILOVEYOU. It looks to only affect people who actually run the vbs script. I would assume that if you are not on a Windows platform that you are not affected. I'll let you know more when we find more. Cheers, Branden R. Williams <brw@netvitality.net> Vice President, Systems - NetVitality, Inc. http://www.netvitality.net/ Internet Commerce Specialists