Trojan horse sent out to list

To: perennials@lorien.mallorn.com
Subject: Trojan horse sent out to list
From: C* P* L*
Date: Fri, 5 Feb 1999 01:30:17 -0600 (CST)

Hi folks,

   A couple of days ago Linda Korth unwittingly sent out an 
   attachment to the list called 'HAPPY.EXE'.  This attachment
   is actually a trojan horse that installs itself on the
   recipients computer system after being run, then attaches
   itself to all outbound email that the victim sends.

   I promised to send a notice to the list, but I've been a
   little slow.  Anyhow, here it is.

   If you didn't run the HAPPY.EXE program then you should 
   be safe.  If you did run HAPPY.EXE then you probably saw
   a nice fireworks display on your monitor, but you've also
   infected your system.  To remove it, follow these directions
   taken from

      http://www.pspl.com/trojan_info/win32/happy99.htm

   You can also remove this trojan manually from your computer. To
   do that, first check the WINDOWS\SYTEM folder for the presence
   of these files.

      1. SKA.EXE
      2. SKA.DLL
      3. WSOCK32.SKA

      If you find these files then you have been attacked by the
      Happy99 Trojan. To remove this trojan do the following:

      1. Delete SKA.EXE, SKA.DLL and WSOCK32.DLL
      2. Rename WSOCK32.SKA as WSOCK32.DLL

      Make sure that you have WSOCK32.SKA file before deleting
      WSOCK32.DLL and ensure that you have renamed this file
      properly. You may have to close your Browser, Email software,
      etc. to delete and rename the DLL files.

   The above URL also provides more detailed information about
   the actual trojan horse (for those of you into that kind of
   thing).

   This is the first one in about two years -- not *too* bad. :)

Chris

P.S.  I'd also like to add that Linda wasn't aware that this was on
      her system and I believe that the transfer to the list was
      unintentional.  And as I told her in private email, I hope
      that she isn't scared off and sends us lots of information
      about the happenings in her Wisconsin garden.

---------------------------------------------------------------------
To sign-off this list, send email to majordomo@mallorn.com with the
message text UNSUBSCRIBE PERENNIALS

Prev by Date: Re: Winter Interest DO NOT OPEN ANY ATTACHMENTS
Next by Date: trials of perennials
Prev by thread: trials of perennials
Next by thread: Re: Trojan horse sent out to list

Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index