Investigators are working on clues from the hacker's own words.

In the text of the "Love Letter" virus, the user dubbed "Spider" writes, "I hate go to school" and that the virus is "simple but I think this is good."

About 300,000 mail hubs were infected worldwide. Computer systems were infected Thursday as the virus, proclaiming "ILOVEYOU" in the subject line of an e-mail, overwhelmed networks and burrowed into computer hard drives, destroying files containing precious photos and video.

Giant corporations had to shut down their e-mail systems for much of Thursday, including AT&T, Ford and Disney. Government offices, including the U.S. State Department, Army, Navy and Pentagon, were all affected.

One computer security firm estimates that half of all U.S. companies were affected, and damages could reach $1 billion.

The virus can be passed along by any e-mail program, but the virus is able to e-mail itself to other users only when activated on a PC that uses Microsoft Outlook.

The viruses can erase files on the user's hard drive when opened from a variety of e-mail programs.

But they are especially ruinous to Microsoft's Outlook e-mail program because they seize control of the Outlook address book and e-mail the virus to everyone in the book. The resultant flood of meaningless e-mails slows down systems and makes it difficult to use e-mail for actual communication.

Because it infects a PC only when the attachment file is opened, the ILOVEYOU virus is less communicable than the November 1999 "Bubbleboy" virus: Exploiting Outlook's message-preview function, Bubbleboy could infect users' PCs even if they did not open the message. The "Love" virus is activated only when the user double-clicks on the attachment.

But ILOVEYOU has a devilish side that Bubbleboy didn't: If a user opens the "Love Letter," the virus attacks multimedia files that were previously stored on the PC -- such as JPEG and GIF image files and MP3 sound files -- and replaces them with dummy versions that contain the virus.

"It is less easily transmitted than other viruses, but if your computer is infected, it does much more harm than the traditional virus," said Steve Morman, a The KCRA Channel tech-support writer.

For businesses with computer networks, system administrators are advised to set up filters that screen out e-mails with the incriminating subject line and file attachment.

For individual users who suspect they are infected, the most important thing to do is get up-to-date anti-virus software and run it in hopes of deleting all copies of the virus.

But some of the copycats are trickier.

According to a warning posted on F-Secure's site, the "Mother's Day" variant has this message in the body of the e-mail:

We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place.Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com

Symantec officials told The KCRA Channel that the Love virus looks for those files -- including MP3 music files and JPG and GIF-type image files -- erases their contents and inserts its virus into the file instead. The virus then renames your file with a ".vbs" extension at the end. For instance, "mypicture.gif" would become "mypicture.gif.vbs" after the virus attack.

Also affected are image files with the extension JPG and MP2 music files, as well as several types of technical files used by Windows such as "VBS" files.

Lesson relearned: Make backup copies of important files, including images and songs.