Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.binaries.images : SKA/HAPPY99.EXE virus REMOVAL INFO : SKA/HAPPY99.EXE virus REMOVAL INFO Server Time
5 Oct 2024 03:20:35 EDT (-0400)
  SKA/HAPPY99.EXE virus REMOVAL INFO  
From: Marc van den Dikkenberg
Date: 25 Jan 1999 16:52:06
Message: <36ace6b1.6367415@news.povray.org>
 
After a short websarch, I found some info on this SKA-virus, including info
on how to remove it.. 
It turns out that I was right about the wsock32.dll thingey: it does make a
backup! (luckily) So... If you've run the HAPPY99.EXE (the fireworks)
THEN READ THIS MESSAGE!!!

http://www.geocities.com/SiliconValley/Heights/3652/SKA.HTM


It will create two files in the Windows System folder, SKA.EXE and SKA.DLL.
SKA.EXE will be a copy of HAPPY99.EXE. It will make a backup of WSOCK32.DLL
under the name of WSOCK32.SKA. If it is unable to modify WSOCK32.DLL, then
it will add SKA.EXE to the RunOnce section of the registry and WSOCK32.DLL
will be modified next time the computer starts. The modified WSOCK32.DLL
will attach HAPPY99.EXE to a second copy of outgoing newsgroup and e-mail
messages. In my tests(sending an e-mail to myself:) this virus attached
itself to a second copy of the e-mail message, with no problems and a
barely noticeable delay. This virus will keep a list of message recipients
in the file LISTE.SKA in the Windows System folder. 

Some people have asked whether it is always called HAPPY99.EXE. This virus
doesn't contain any code to change the name. However, it would be simple
for a person to change it to anything they like.

It contains the text: 

"Is it a virus, a worm, a trojan? MOUT-MOUT Hybrid (c) Spanska 1999."
Removal
Click Start, then Shut Down, then "Restart Computer in MS-DOS mode" 
At the DOS prompt type: 
CD \WINDOWS\SYSTEM
Delete SKA.EXE, SKA.DLL, and WSOCK32.DLL by typing 
DEL SKA.EXE
DEL SKA.DLL
DEL WSOCK32.DLL
Rename WSOCK32.SKA to WSOCK32.DLL by typing 
REN WSOCK32.SKA WSOCK32.DLL
Return to Windows by typing 
EXIT

Optional:
Click Start, then Run, then type regedit in the text box, then click OK.
Click HKEY_LOCAL_MACHINE, then Software, then Microsoft, then Windows, then
CurrentVersion. Under RunOnce check for SKA.EXE and select it if it is
there. Press delete and then click Yes. Close Regedit.  
Optional Start Notepad and open the file LISTE.SKA. Warn the people on the
list, then delete LISTE.SKA 
-- 
Marc van den Dikkenberg
--
The PowerBasic Archives -- http://www.xs4all.nl/~excel/pb.html
All Basic Code Archives -- http://come.to/abcpackets


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.