About Happy99.exe worm (delete if you dont want to read this)

To: m*@ucdavis.edu
Subject: About Happy99.exe worm (delete if you dont want to read this)
From: B*@monterey.edu (Barry Garcia)
Date: Sun, 18 Apr 1999 00:01:26 -0800
Content-ID: <msg790441.thr-d2a0af.f7aeb.part0@monterey.edu>

Heres some info on Happy99.exe worm. Its not really all that innocent.
Read on to see why. (theres a technique for a fix included (incase you
dont have an anti-virii prog. )

Happy99.exe Worm Virus doesn't
make for Happy Computing

I used to say, "I've been on the internet for more than 4 years,
and never had a problem with a
computer virus. It's all Scare Tactics!"

Well, NOW I'm Scared!

A good friend found a file in a BBS. She opened it, liked it,
and shared it. One of the most
wonderful things about the internet is the sharing, but
this was not wonderful.

I opened the Happy99.exe file, and enjoyed the pretty fireworks
she sent to me. Oh, wasn't it sweet
for her to think of me, and share this pretty program! I
was very pleased.

That night another friend called me and said she had sent him the
program, too. He did not open it
because his antivirus program discovered and warned him that it
contained a WORM VIRUS, and
after calling her to see who else she may have shared this
with, he wanted to warn me.

I was mildly nervous, but still wasn't too worried. After all, I
had been surfing and sharing for more
than 4 years, and never had a virus problem.

The next day, my e-mail program would not send. I tried, and
crashed, rebooted, tried again, and
crashed. Everything else seemed to be fine, so again and again I
tried, and crashed. OKAY! It was
time to worry about something! I started getting reports that
some of my friends were recieving
dulpicate e-mails from me. One containing the Happy99.exe as an
attached file. Oh NO!!! I tried to
remember who I had sent e-mail to between the time I opened the
fireworks, and the time my
e-mail program would no longer send, so I could warn them not to
open the attachment in the
dupicates, though I feared it may be too late for
them, too.

I installed and updated an anti-virus program. It said I had the
Happy99 Worm Virus in 3 files, which
had to be deleted to eliminate the virus. To make a long story
short, the Zookeeper has a knack for
doing things the hard way, and I started reinstalling from my
Windows311 up to get back the
wsock32.dll that I had deleted as instructed by the
antivirus program. Arrrgh!!!

There, of course, was a much simpler way of dealing with this,
as you will find in the following
e-mail, that I recieved after the fact.

Happy99.exe WORM VIRUS Fix

-----Original Message-----
From: John Trudeau
To: Sandi Trudeau
Date: Wednesday, February 17, 1999 7:16 AM
Subject: Email Virus IMPORTANT please read

Well it finally happen to me too! One of our customers sent me an
email message about their web
site and the next message was from the same customer and it
contained an attachment the was
called: HAPPY99.EXE.

Well I opened it and it was fireworks going off ... and I waited
and nothing else happen so I erased
the message and went about my business.

Well, that's when the trouble started ... it seems that this
little program launches several files that
watch who you email and then keeps track in a file and then sends
them a second message with
the HAPPY99.EXE file attached.
If the person opens an executes it then it starts for them, too.
Bottom line, I receive about 200
emails per day and send out around 50 ...so I may have sent anyone
of you this little surprise too ...

I did a little research and found the fix which you will find at
the end of this message ... if you receive
that attachment from me or anyone else don't click it ...
simply erase it and you will be fine.

If you did look at it ... then follow the
instructions below.
++++ How to remove Happy99.exe Virus ++++
You can remove this trojan manually from your
computer.
To do that, first check the WINDOWS\SYSTEM folder for the
presence of these files.

1. SKA.EXE
2. SKA.DLL
3. WSOCK32.SKA

If you find these files then you have been attacked by the
Happy99 Trojan.
To remove this trojan do the following:

1. Delete SKA.EXE, SKA.DLL and WSOCK32.DLL
2. Rename WSOCK32.SKA as WSOCK32.DLL

Make sure that you have WSOCK32.SKA file before deleting
WSOCK32.DLL and ensure that you
have renamed this file properly. You may have to close your
Browser, Email software, etc. to delete
and rename the DLL files.
(Zookeeper note: If you have Internet Explorer integrated Windows,
as I did, you may have to do it
in ms-dos mode.
1. Shut down windows with the RESTART IN MS-DOS MODE
option.
2.At the prompt type the bold text.
C:\WINDOWS>cd system
3.Next prompt and command:
C:\WINDOWS\SYSTEM>del wsock32.dll
4.And finally:
C:\WINDOWS\SYSTEM>ren wsock32.ska wsock32.dll
Then restart your computer.

Open the file C:\WINDOWS\SYSTEM\liste.ska in your NOTEPAD to see
a list of who you may
have infected with the Happy99 worm virus.)

--- PalmNet Online --- John Trudeau ---
їє•`•єїш,ёё,шїє•`•єїшїє•`•єїш,ёё,шїє•`•єї

____________________________________________________________________
|

--Nakakakain ako ng salamin; hindi naman ako
masasaktan.--
____________________________________________________________________

Prev by Date: April Meeting of the MGS Northern California Chapter
Next by Date: Virus alert 'Happy99.exe'
Prev by thread: Virus alert 'Happy99.exe'
Next by thread: April Meeting of the MGS Northern California Chapter

Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index