Re: HAPPY99.EXE Trojan Horse Virus (fwd)

Cathleen Cummings, Media Coordinator - SRJC (ccumming@floyd.santarosa.edu)
Fri, 16 Apr 1999 10:41:24 -0700 (PDT)

And to all that don't yet have a virusfinder...I had opened Happy 99
(cute that it is!) and the boss installed a virusfinder right after since he
was the first one I emailed after getting infected! When my email was being
downloaded today, the virus alert notified me that there was a message with
Happy 99 attached. So, I really endorse using a virus finder! ~Cath

At 10:13 AM 4/16/99 -0700, you wrote:
>Please note, all, the following relatively painless fix for the Happy99
>virus (not sure how Mac environments work)
>
>
>Gary Handman
>>
>>All,
>>
>>This is NOT a hoax or a joke. Technically, this is not a virus, but a
>>Trojan Horse "worm" program that reproduces itself as an e-mail message
>>called "HAPPY99." This program (disguised as another piece of "cuteware")
>>runs a banner reading "Happy New Year 1999" and some screen fireworks--
>>while maliciously altering your Windows system files to create more copies
>>of itself.
>>
>>If you receive any e-mail entitled "Happy99" please immediately delete it.
>>That's the easiest way to avoid infection.
>>
>>You can check whether you've been infected with this worm by seeing if
>>you've got a file named "ska.exe" on your system. To do this, use the
>>Windows "Find File" utility (start|find|files).
>>
>>If the presence of "ska.exe" indicates your PC is infected, follow the
>>steps below to remove the worm, or call the Systems Office Helpdesk
>>(2-6120) if you aren't confident about doing this yourself:
>>
>>***********************************************************************
>>
>>1. Close Windows, but choose "Restart the computer in MS-DOS mode" from
>>the Shutdown menu.
>>
>>2. When the DOS C: prompt appears, type "cd windows\system" and hit the
>>Enter key.
>>
>>3. From the C:\windows\system> prompt, type "del ska.*" and hit the Enter
>>key.
>>
>>4. From the C:\windows\system> prompt, type "dir wsock32.*" and hit the
>>Enter key.
>>
>>5. If you see TWO similar files listed, one named "wsock32.dll" and one
>>named "wsock32.ska" --delete the one named "wsock32.dll" by typing "del
>>wsock32.dll" and hitting your Enter key.
>>
>>5. From the C:\windows\system> prompt, type "ren wsock32.ska wsock32.dll"
>>and hit the Enter key.
>>
>>6. Reboot your computer, and do a file search for "Happy99.exe" --delete
>>this file if it exists. At this point, your PC should now be free of the
>>worm infection.
>>
>>
>>For more information, please see the Web page below:
>>
>> http://www.symantec.com/avcenter/venc/data/happy99.worm.html
>>
>>--thank you,
>>
>> Andy Spalaris
>> LWNS/Systems Office
>>
>>
>>
>>
>Gary Handman
>Director
>Media Resources Center
>Moffitt Library
>UC Berkeley 94720-6000
>http://www.lib.berkeley.edu/MRC
>
>"Everything wants to become television" (James Ulmer -- Teletheory)
>

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Cathleen Cummings
Media Coordinator, Santa Rosa Junior College
1501 Mendocino Avenue
Santa Rosa, CA- USA 95401
ccumming@floyd.santarosa.edu
************************************************************