
happy99 is a virus



Hello

Very sorry about this, if I bother you again.

If you have received happy99.exe as an attachment to one of my emails,
please note, it is a VIRUS. Please do not run it. If you have already
run it, see the following for how to remove it. For more information
about it, please refer to:
http://www.geocities.com/SiliconValley/Heights/3652/span.html

Sorry again.

Removal

Steps marked optional are not absolutely necessary and are completely
safe to skip. If you're not comfortable with DOS, get someone
knowledgeable to help you with this. These steps should be safe, even
under unexpected circumstances, but I can't make guarantees. Perform
these at your own risk.

   1. Click Start, then Shut Down, then "Restart Computer in MS-DOS
     mode", then click Yes. It's important to exit Windows in order to
     be able to replace the files that Windows normally has in use.
   2. At the DOS prompt type this exactly and press enter at the end of
     each line:

     CD \WINDOWS\SYSTEM

     If that doesn't work, try

     CD SYSTEM

   3. Delete SKA.EXE and SKA.DLL by typing

     DEL SKA.EXE
     DEL SKA.DLL

     If you get "File not found" you're either not infected or in the
     wrong directory. Make sure you're in your Windows System
     directory; check to see if you followed step 2 exactly.
   4. Copy WSOCK32.SKA to WSOCK32.DLL by typing

     ATTRIB -R WSOCK32.DLL
     COPY WSOCK32.SKA WSOCK32.DLL

     Answer "Yes" if it asks if you want to overwrite WSOCK32.DLL.
     Explanation: WSOCK32.SKA is a backup of the original WSOCK32.DLL
     made by the virus. You are replacing the modified DLL with the
     original.
   5. Optional: Delete WSOCK32.SKA by typing

     DEL WSOCK32.SKA

     You can leave WSOCK32.SKA on your system. It is a copy of your
     original WSOCK32.DLL. Do not delete WSOCK32.SKA if you are unable
     to replace WSOCK32.DLL with WSOCK32.SKA.
   6. Return to Windows by typing

     EXIT

   7. Optional: Click Start, then Run, then type regedit in the text
     box, then click OK. Click HKEY_LOCAL_MACHINE, then Software, then
     Microsoft, then Windows, then CurrentVersion. Under RunOnce check
     for SKA.EXE and select it if it is there. Press delete and then
     click Yes. Close Regedit. Don't change anything else without
     making a backup of the registry first. If you don't find SKA.EXE
     in the registry, it doesn't mean you're not infected. SKA.EXE is
     only added to the registry if HAPPY99.EXE is unable to modify
     WSOCK32.DLL when you run it.

   8. Optional: Choose Start, Programs, Accessories, Notepad, choose
     File, then Open, then type C:\WINDOWS\SYSTEM\LISTE.SKA in the File
     Name box. Warn the people on the list, then delete LISTE.SKA. Make
     it clear to the people you warn that they won't be infected unless
     they ran happy99.exe, to avoid alarming them unnecessarily. If you
     haven't sent out any infected e-mails, there won't be a LISTE.SKA.
   9. Optional: Delete the HAPPY99.EXE file. The location of
     HAPPY99.EXE will vary depending on where you saved it. You can
     delete it simply by dragging it to the Recycle Bin from within
     Windows or whatever method you prefer. You may still have some
     messages with HAPPY99.EXE attached in your mailbox. These cannot
     do anything unless you run them. You can delete them if you want
     to or just ignore them.
  10. Optional: If you aren't sure whether you are still infected,
     choose Start, then Find, then "Files or Folders". Then type
     ska.dll in the named box. In the "Look in" box choose drive C: or
     whatever drive you have Windows on. Then click "Find Now". Ska.dll
     is the best thing to look for, since it can't perform any viral
     action without ska.dll. But even this is not conclusive. The virus
     may have created ska.dll but failed to modify wsock32.dll. But if
     you don't find ska.dll, you can be sure you are not contagious.
     Any other *.SKA, WSOCK*.* or SKA*.* files you may find, that
     aren't mentioned on this page, have nothing to do



Best regards,
 Huang                          mailto:[email protected]
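
The file checks from steps 3, 4, 5, 8 and 10 can be scripted for triage of a copied or mounted System directory. The following Python sketch is an added example, not part of the original message or the page it quotes; the function names, the status wording and the dummy test files are assumptions of this example.

```python
import filecmp
import os
import tempfile

# File names come from the removal steps; the status wording is this example's own.
ARTIFACTS = ("SKA.EXE", "SKA.DLL", "WSOCK32.SKA", "LISTE.SKA")

def triage(system_dir):
    """Map the files in a Windows System directory to the steps that apply."""
    # DOS/Windows 9x names are case-insensitive, so index the listing in upper case.
    names = {n.upper(): os.path.join(system_dir, n) for n in os.listdir(system_dir)}
    found = [a for a in ARTIFACTS if a in names]
    notes = []
    if "SKA.DLL" in names:
        notes.append("SKA.DLL present: delete SKA.EXE and SKA.DLL (step 3)")
    else:
        notes.append("SKA.DLL absent: not contagious (step 10)")
    if "WSOCK32.SKA" in names:
        dll = names.get("WSOCK32.DLL")
        if dll and filecmp.cmp(dll, names["WSOCK32.SKA"], shallow=False):
            notes.append("WSOCK32.DLL matches WSOCK32.SKA: restored, backup may go (step 5)")
        else:
            notes.append("WSOCK32.DLL missing or differs from WSOCK32.SKA: restore, keep backup (step 4)")
    elif "SKA.DLL" in names:
        # Assumption of this example: no backup suggests WSOCK32.DLL was not modified.
        notes.append("no WSOCK32.SKA backup: check RunOnce for SKA.EXE (step 7)")
    if "LISTE.SKA" in names:
        notes.append("LISTE.SKA present: warn the listed recipients (step 8)")
    return found, notes

def demo():
    """Build a constructed directory (dummy bytes, not real samples) and triage it."""
    with tempfile.TemporaryDirectory() as d:
        contents = {"ska.exe": b"x", "Ska.dll": b"x", "WSOCK32.DLL": b"patched",
                    "WSOCK32.SKA": b"original", "LISTE.SKA": b"a@example.com\n"}
        for name, data in contents.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        before = triage(d)
        # Simulate steps 3 and 4: delete the two SKA files, restore the backup.
        os.remove(os.path.join(d, "ska.exe"))
        os.remove(os.path.join(d, "Ska.dll"))
        with open(os.path.join(d, "WSOCK32.DLL"), "wb") as fh:
            fh.write(contents["WSOCK32.SKA"])
        return before, triage(d)

if __name__ == "__main__":
    for found, notes in demo():
        print(found, *notes, sep="\n  ")
```

The byte-for-byte comparison is the check behind step 5's warning: WSOCK32.SKA is only reported as safe to delete once WSOCK32.DLL is identical to it.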