|
PMA Consulting using HomePage Publisher Copyright 1996-99 by PMA Consulting. All Rights Reserved. |
 |
|
One of my biggest clients got infected with the Happy99! "virus" last
week and I had to do the hand-to-head-butt thang because I'd nuked at least four
warnings about it from my e-mail without posting it here. The happy99! worm comes
to you as an executable attachment to an e-mail message, usually from a friend of
yours because it was designed to be disseminated that way. The executable flashes
some fireworks on your screen and while it's doing that, it's also rewriting some
files on your hard disk that enable it to propagate itself to your friends and customers. |
|
As a footnote here, this isn't the only worm of this kind. Melissa is similar in that it tries to replicate itself via e-mail, though it is an Outlook Macro Virus and therefore easily avoided by merely not using Outlook or Exchange. Pretty Park is even more similar in that it can infect even WordPerfect and Netscape users that run the executable. |
|
Happy99! is very easy to remove, it just takes the following procedure: Start/Find/C:\WINDOWS\SYSTEM\SKA.* If anything comes up, you've got the bug and have to proceed through all the next steps. First of all, jot down the date and time of the SKA.EXE file, you'll need that data for later in this procedure. Start / Find / happy99.exe delete all instances you find and then empty your Recycle Bin Start / Shutdown / Restart in MSDOS mode You should now see C:\WINDOWS unless you're one of my clients, in which case you'll probably see C:\Win95. It doesn't matter, so long as you can CD System (change directories into C:\Win95\System subdirectory). DELete SKA.exe DELete SKA.dll DELete wsock32.dll REName wsock32.ska wsock32.dll Exit Now you'll find yourself back in the GUI (Graphical User Interface). Find the offending e-mail message, delete it, delete it again from your Trash folder and then drop the sender a note explaining that they have infected you (be nice, they probably didn't know they did it) and give them the URL to this page so they can get cleaned up too. Now, go to your "SENT" folder and jot down the recipient of each message that you sent out since the date/time of SKA.EXE (remember I told you you were going to need that data? :) And send each one of those people a note explaining that you might have infected them too. Again, send them the URL to this page so they can check themselves out too. Hang in there, you're almost done. The final step to this little excercise is repeat the next paragraph aloud. I will always remember that executable attachments to e-mail messages have the potential to put my system at risk. Without regard to my relationship with the person that sent me the message, if it is an executable, I will consider, reconsider and CONSIDER AGAIN, before running an executable on my computer that I downloaded from the internet. So help me Z80. Irreverently offered as a service to WindozeKind: Doug Hood PMA Consulting 19 Oct 99 |
|
|
PMA Consulting using HomePage Publisher Copyright 1996-99 by PMA Consulting. All Rights Reserved. |
|