At 19:55 99/03/22 +0000, you wrote:
It modifies wsock32.dll to send itself as an attachment when a posting
is made to USENET and othe Mail....
I am not sure, but it should be picked up on these "secondary" postings
using a virus checker that operates all the time in the background.
Grateful for any other information that members of the list may offer.
Hi John and all,
If anyone on the list does become infected with this nasty virus
there are a number of cures that will help to remove it. Following a recent
outbreak on the Euro Scanner (ESL) List, I details on a number of places
where you can find programmes that will deal with it:
-----------------
Any of you still suffering from the Happy 99 virus thingey then help
can be obtained from:
Happy99Cleaner 2.0, Windows 95/98/NT Freeware:
http://www.softseek.com/files/review?UTVI23313sw
Regards ,
John, Oxford, UK
-----------------
On the doctor Solomon's web page they say they can detect this virus.
Please see: http://beta.nai.com/public/datafiles/valerts/vinfo/w32ska.htm.
They supply extra drivers for your installation.
------------------
Please see http://www.geocities.com/SiliconValley/Heights/3652/SKA.HTM
------------------
++++ How to remove Happy99.exe Virus ++++
You can remove this trojan manually from your computer.
To do this, first check the WINDOWS\SYSTEM folder for the presence of
these files.
1. SKA.EXE
2. SKA.DLL
3. WSOCK32.SKA
If you find these files then you have been attacked by the Happy99
Trojan.
To remove this trojan do the following:
1. Delete SKA.EXE, SKA.DLL and WSOCK32.DLL
2. Rename WSOCK32.SKA as WSOCK32.DLL
Make sure that you have WSOCK32.SKA file before deleting WSOCK32.DLL
and ensure that you have renamed this file properly. You may have to
close your Browser, Email software, etc. to delete and rename the DLL
files.
If you have Internet Explorer integrated Windows, you may have to do
it in dos mode.
1. Shut down windows with the RESTART IN DOS MODE option.
2.At the prompt follow these instructions.
C:\WINDOWS>cd system
3.Next prompt and command:
C:\WINDOWS\SYSTEM>del wsock32.dll
4.And finally:
C:\WINDOWS\SYSTEM>ren wsock32.ska wsock32.dll
Then restart your computer.)
One final note, there will also be a file in your \windows\system
directory called
"liste.ska" from what I can tell this file is a list of people you
could have sent the Trojan to. It might be as well to warn them and
pass on these instructions.
--------------------
Recently there have been several reports of a virus being passed through
lists in attachments. The virus, called Happy99, modifies infected
computers so that they spread the virus to other computers through email
attachments.
For more information on this particular virus, and how to remove it, visit
the following web page:
http://www.symantec.com/avcenter/venc/data/happy99.worm.html
This is a good time to remind people that, in general, they should not
open email attachments or run programs from people they do not know. That
is how this and other viruses are spread.
Hope that's of help to someone.
73, Alan G4TMV.
|