Looper's Delight Archive Top (Search)
Date Index
Thread Index
Author Index
Looper's Delight Home
Mailing List Info

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Date Index][Thread Index][Author Index]

RE: HAPPY99 Diagnosis & Removal



The instructions were posted by Jeff Duke on 13 February at 7:05 a.m.  The
instructions are good.  For more information, read up on the Happy99
phenomenon at Symantec and other virus-related websites around the 
Internet:

Symantec:
http://www.symantec.com/avcenter/venc/data/happy99.worm.html

Dude at Geocities:
http://www.geocities.com/SiliconValley/Heights/3652/SKA.HTM

These two are quite prominent.  You should look up the thread a few days
back on the Happy99 worm.  If you know the McAffee website, they also have 
a
large page on Happy99.

MAIN THING:  Do not run programs you receive via e-mail without knowing 
what
they are.  If you do get Happy99 via e-mail, DO NOT RUN IT.

If you have Vortex patches worth sharing, visit:
Andy's Vortex Page: http://members.aol.com/soundfnr/vortex.htm

Be well.

Javier
Berkeley

-----Original Message-----
From: Tim Nelson [mailto:tcn62@ici.net]
Sent: Thursday 18 February 1999 7:11 AM
To: Loopers-Delight@annihilist.com
Subject: HAPPY99 Diagnosis & Removal


This info may be redundant, or possibly redundant, but I thought I'd pass
it along. I have no idea who wrote these instructions originally, so I
don't know if I trust it; suspicion, paranoia, I feel like Mulder...

It might be helpful if one of you on the list who's better versed in DOS
than I am could look the enclosed instructions over to confirm that I'm
actually passing along good information and not just clouding the water...
The thing I'm leery of is how we've been warned by other postings not to
restart without taking care of the problem first, while the first thing
this one tells us to do is to restart in DOS mode... So a short reply to
the list from someone who would know better than I either confirming the
instructions or sounding the BS alarm would be appreciated.

Thanks,

Tim

BTW, I never saw any fireworks either, just a bunch of gibberish, and
didn't see or open any attachments, and I have restarted successfully
several times since the scare, so I'm pretty sure I'm all set, but would
still appreciate if one of you could give the omini-domini to the removal
instructions...

-------------------------------------
>This one is for real. I haven't seen this e-mail, but they tend to go
>>around for a long time. You may want to make a note of the name for 
>future
>>reference. Hopefully we won't ever see it.
>>
>>The virus, HAPPY99.EXE can not infect your computer unless you actually
>>run/execute the program! The program, happy99.exe would have come 
>attached
>>to an EMAIL. If you double clicked on happy.exe, you would then see
>>fireworks.
>>If you did not get the program happy99.exe attached to an email, or you
>>didn't execute the program if you did receive it, then you are NOT
infected
>>with the virus!!
>>If you did execute the program, you have the virus and are passing it
along
>>to others!
>>Here are instructions for removing this virus:
>>Click Start, then Shut Down, then "Restart Computer in MS-DOS mode", then
>>click Yes. It's important to do this so you can make the necessary
changes.
>>At the DOS prompt type this exactly and press enter at the end of each
line:
>>CD \WINDOWS\SYSTEM
>>If that doesn't work, try
>>CD SYSTEM
>>Delete SKA.EXE and SKA.DLL by typing
>>DEL SKA.EXE
>>DEL SKA.DLL
>>If you get "File not found" you're either not infected or in the wrong
>>directory. Make sure you're in your Windows System directory; check to 
>see
>>if you followed step 2 exactly.
>>Copy WSOCK32.SKA to WSOCK32.DLL by typing
>>COPY WSOCK32.SKA WSOCK32.DLL
>>Answer "Yes" if it asks if you want to overwrite WSOCK32.DLL. 
>Explanation:
>>WSOCK32.SKA is a backup of the original WSOCK32.DLL made by the virus. 
>You
>>are replacing the modified DLL with the original. Delete WSOCK32.SKA by
>>typing
>>DEL WSOCK32.SKA Do not delete WSOCK32.SKA if you are unable to replace
>>WSOCK32.DLL with WSOCK32.SKA.
>>Return to Windows by typing
>>EXIT
>>Optional: Choose Start, Programs, Accessories, Notepad, choose File, then
>>Open then type C:\WINDOWS\SYSTEM\LISTE.SKA in the File Name box. Warn the
>>people on the list, then delete LISTE.SKA
>>
>>