It ends processes belonging to security tools. It is run whenever a file with an EXE extension is run. It reaches the computer in an email message with an attached file.

Windows 2003/XP/2000/NT/ME/98/95/3.X

Valentin.E is a worm that reaches the computer in a file attached to an email message with a variable subject.

In order to increase its infection capacity, it uses a vulnerability through which it is automatically activated when the message is viewed through Outlook. It is a vulnerability in the MIME header which allows files attached to email messages to be run automatically.

If the message is opened with other email services, such as Hotmail or Yahoo, it will be necessary that the user runs the attached file in order to be infected.

Valentin.E is dangerous because:

• It is run every time a file with an EXE extension is run.
• It ends several processes, which belong to security tools and firewalls.
• It gathers information about the affected computer: all the file names and their location. This data can be used to carry out more malicious actions.

Valentin.E is easy to recognize, as it displays the following symptoms:

• It reaches the computer in an email message with the following characteristics:
  
  Subject: related with friendship and love. It can be one of the following, among others:
  Are you looking for Love
  Check ur friends
  Circle Friendship
  d   make ur friend happy
  d friend  Best Friends
  Dont wait for long time Free Screen sav
  Easy Way to revel ur love
  Enjoy friendship
  Enjoy Romantic life Let
  
  Message:
  The message contains a text in which a screensaver is attached and the users are required to send it to their friends.
  
  Attachment: it is variable and with a double extension.
  
  The following image is an example of the email message Valentin.E sends:
  
  
• When it is run, it displays several messages with the text Ur My Best Friend on the screen, like the following: