Autor: Majkel (majkel6_at_polbox.com)
Data: Fri 26 Feb 1999 - 07:14:46 MET
PLEASE IF YOU RECEIVE A E-MAIL AND ANOTHER COME TROUGH WITH AN ATTACHMENT
CALLED HAPPY99 .EXE PLEASE DONT OPEN IT AND DELETE IMMEDIATELY.
IF YOU HAVE OPENED IT ALREADY YOU WOULD HAVE SEEN FIREWORKS DISPLAY ON YOUR
SCREEN.
YOU HAVE TO DELETE THIS VIRUS MANUALLY FROM YOUR SYSTEM A.S.AP.
STEPS : 1. CHECK YOUR WINDOWS/ SYSTEM FOLDER FOR THE PRESENCE OF THE
FOLLOWING FILES .
1. SKA.EXE
2. SKA.DLL
3. WSOCK32.SKA
IF YOU HAVE THIS THE TROJAN VIRUS HAVE ATTACKED YOUR COMPUTER.
TO REMOVE :
1. DELETE SKA.EXE , SKA.DLL AND WSOCK32.DLL
2. RENAME WSOCK32.SKA AS WSOCK32.DLL
IF YOU HAVE INTERNET EXPLORER INTEGRATED WITH WINDOWS YOU HAVE TO ALSO DO
THE FOLLOWING:
1. shut windows down and restart in dos mode
2.at the prompt type the bold text: C:\WINDOWS>cd system
3. next prompt and command : C:\WINDOWS\SYSTEM>del wsock32.dll
4. and finally: C:\WINDOWS\SYSTEM >ren wsock32.ska wsock32.dll
5. RESTART YOUR COMPUTER
PLEASE NOTE THAT YOU CAN OPEN THE FILES IN THIS WAY :
1 . CLICK START BUTTON
2. CLICK FIND
3. CLICK FILES AND FOLDERS
4. ENTER VIRUS FILE NAMES AS GIVEN AND SELECT DRIVES (ALL ONE AT A TIME )
AND SELECT SEARCH
5. DELETE IF YOU DO FIND THE FILE
FOR MORE INFORMATION CHECK OUT THE ANTI VIRUS WEB SITE :
http://www.e-musicbox.com/happy99virus.htm
>Hello all,
>
>I'm afraid I've send you a virus.
>If you received for me (or someone else) the file "happy99.exe" as
>attachment, please don't open it because it is a virus.
>If you've opened it, it will infact your wsock32.dll file and you will
>sending this file too with every mail.
>On your computer there will be a file "liste.ska" which will give you the
>list of people you've send it to.
>It also made a copy of your old "wsock32.dll" in "wsock32.ska" so I think
it
>will be gone if you copy back the file.
>For more information see page:
>
> http://www.zdnet.com/zdnn/stories/news/0,4586,2195075,00.html
>
>From this website:
"Happy99.exe worm spreads on Net
Worm is in the wild in Europe -- expected to hit North America soon.
By Bob Sullivan, MSNBC
January 27, 1999 6:44 AM PT
A computer worm called Happy99.exe is making its way around the Internet,
sending hundreds of copies of itself via e-mail attachments and newsgroup
postings.
According to Helsinki, Finland, data security firm Data Fellows Inc., the
worm is currently in the wild in Europe and will likely spread very quickly
to North America. It does not attempt to destroy files on infected machines,
but it sends e-mails and newsgroup postings without the victim's knowledge
and could cause network slowdowns or even crash corporate e-mail servers.
Have an opinion on this story? Add your comments to the bottom of this page.
The worm, so-called because it can replicate on its own, first surfaced a
little over a week ago, and since then, hundreds of newsgroup posters have
complained about the annoyance.
Like most computer pests, it arrives as an e-mail or newsgroup attachment
and infects only users who run the attachment.
Once they do, all victims see is a window with a fireworks display. But
behind the scenes, the worm alters the host computer's winsock32.dll file,
the computer's doorway to the Internet. Then, each time a user intiates
e-mail or newsgroup activity, by either receiving or sending e-mail or
posting to a newsgroup, Happy99 spams the newsgroup or e-mail recipient with
copies of itself. Any type of activity on port 25 or 119 will trigger spam
activity, according to Dan Takata, senior software support engineer of Data
Fellows.
R E A D
Remembering the Net crash of '88
Worm strikes Linux
C O M M E N T
Cyber terrorism? How about cyber hucksterism!
It also keeps a list of the spammed e-mail addresses and newsgroups in a
separate file called LISTE.SKA.
Patch available
Because the original version of winsock32.dll is preserved in backup form as
WSOCK32.SKA, newsgroup posters say they've been able to restore their
machines without much difficulty. Data Fellows has a patch that recognizes
the worm.
It poses no risk to data, but can be more than a nuisance to network
administrators.
"If you have 100 PCs and everyone is checking e-mail at 9 a.m. and this
thing starts flying around, absolutely it can slow down a network," Takata
said. "It can crash your e-mail server. I wouldn't be surprised if it did."
Because the e-mail header contains "MOUT-MOUT Hybrid (c) Spanska 1999."
Takata speculated that the Happy99 author also wrote a series of viruses
known as the spanska viruses (click here for a description). Those were
first reported in September 1997 and randomly displayed political messages,
such as, "Remember those who died for Madrid." "
I'm very sorry about taht.
>good luck
Majkel
To archiwum zostało wygenerowane przez hypermail 2.1.7 : Tue 18 May 2004 - 18:15:41 MET DST