This is a multi-part message in MIME format.
--------------DAE9390C4C2069C943A39EB1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
If you received a file named Happy99.exe and ran it you now have a harmless virus. I somehow contracted this piece of crap and possibly have given it to you. The attached file Happy99.txt explains what it is and how to rid yourself of this nuisance. I didn't know I had it till just this morning, sorry for any problems.
Bill Wildner
--------------DAE9390C4C2069C943A39EB1
Content-Type: text/plain; charset=us-ascii; name="Happy99.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="Happy99.txt"
New pain in the virtual rear
There's a new plague circulating around the Internet
lately. It goes by the name of happy99.exe.
Now, in case any of you haven't heard this before: If
you get an executable file e-mailed to you from
someone you don't know and trust, DON'T RUN
IT!
But no matter how many times you tell people, they
don't listen, and they don't get it.
First, a little information on happy99.exe: It's a
nuisance, but it's not dangerous. Unlike picture.exe,
which I discussed in this space a few weeks ago, it
won't steal your passwords and mail them to China.
What it will do is attach a copy of itself to every e-mail
and every newsgroup article you send out. So what
happens is that you (the innocent, trusting Internet
user) open this attached file, happy99.exe, and you
see some fireworks, and you say, "Gee, that's a nice
little Happy New Year message some good-hearted
person put together." And then you go on with your life.
But while you're not looking, happy99.exe is working
quietly in the background, creating files named
ska.exe and ska.dll. Then it grabs your wsock32.dll
and renames it wsock32.ska and creats a new
wsock32.dll to include its own code.
That code tells it to attach a copy of ska.exe (renamed
happy99.exe) to all your e-mails and newsgroup
articles. This causes your mail to trigger people's virus
scanners (if they keep them updated), and that causes
people to get mad at you. And you (the innocent,
trusting Internet user) never even knew you were
doing anything bad.
Last week, an innocent victim of this little trojan sent a
copy of it to our At Sea sailing crew at
new.world@chron.com. Fortunately, the Houston
Chronicle's system is pretty good about alerting us to
such things. In fact, it won't let its e-mail users receive
attachments that raise a red flag on its virus scanner.
So we were safe from that one.
The next day, another innocent victim sent a copy of
the trojan to a mailing list that includes more than 500
people. Several had opened it before the list owner and
I sent out alerts to avoid that file. He and I talked a few
people through the cleanup process.
That brings us to the cleanup process: This is one of the
easiest. The creator of this little pest at least had the
decency to have it rename wsock32.dll rather than
just overwriting it. (Why does the kind of scum that
would create such a thing include a feature that shows
some sense of human decency? I'm clueless on that
one.)
So, if you think you might have it, if you've ever
opened a file named happy99.exe and seen the pretty
fireworks, if you've ever gotten a message from
someone mentioning the happy99.exe file you sent to
them: Clean it up.
Here's how.
First, to be sure you've really got it, search your
system for files named ska.exe, ska.dll and
wsock32.ska. If you see all three of those, you've got
it. If not, you don't.
If you do have it, follow these instructions carefully.
Deleting the wrong file can cause you problems you
really don't want to experience.
1.Delete ska.exe, ska.dll and wsock32.dll.
2.Rename wsock32.ska as wsock32.dll.
Please be sure you actually have a file named
wsock32.ska before deleting wsock32.dll. Please.
Do it for me. And if you don't have wsock32.ska,
please don't touch your wsock32.dll.
But if you do have it, that's the whole cleanup process.
Two steps. It couldn't be much easier.
OK, so now that we're all sure we're free of that little
pest, it's time to get a good virus scanner. Get one
from McAfee or Norton or somebody else reliable. Use
it. Watch for updates, and install them.
And if there's only one thing you remember about trust
and the Internet, please remember this: If you get an
executable file e-mailed to you from someone you
don't know and trust, DON'T RUN IT!
More about happy99.exe
Last week's column about happy99.exe, the latest
trojan making the rounds, drew a lot of mail.
Most of them were just nice notes saying thanks for the
cleanup instructions.
But a few offered more information that the "experts"
hadn't given me. I was just passing along the cleanup
instructions as I had found them on a couple of trusted
Web sites, because (thanks to the Chronicle's virus
scanners) I had no personal experience with
happy99.exe.
Allen Reynolds was the first to alert me to another file
created by this little trojan. It's called liste.ska, and it
collects a list of all the addresses to which your
computer has sent happy99.exe. "It's kind of shocking
to see how many of your friends may be mad at you,"
he wrote.
Todd Carlton wrote to alert me to the same file and
added, "Once a person cleans up their system, they
ought to be morally obligated to contact each person on
that list to alert them of the danger, and forward
clean-up instructions."
I agree with Todd. If you've got that file on your
computer, do the decent thing and let everybody know
that they've got it and that it can be cleaned up easily.
Mike Clark wrote to mention another little pain this
trojan can cause.
Another person (whose mail I deleted before thinking
I'd need it) had written to tell me that she had run a
virus cleaner on her system and that it reported it had
cleaned up happy99.exe, but she couldn't delete the
offending files. She said she was a computer novice and
didn't feel comfortable messing around with her
system, and since the mail she sent to me was clean,
we decided to just assume the virus cleaner had done
its job and leave the files alone.
Mike cleared up that situation for me:
Some people may have trouble deleting the .dll files, and
specific instructions may be helpful
Here is what I did:
I deleted ska.dll by closing my email program first.
To delete ska.dll, I went through the following process
shut down, re-open in DOS mode
cd c:\windows\system
copy wsock32.dll wsock32.old
del wsock32.dll
copy wsock32.ska wsock32.dll
then reboot, once everything is working, delete all the
garbage
So, there you have it, and this time, it's from the real
experts, the people who have had to clean this garbage
off their systems.
Thanks to Allen, Todd, Mike and the others who wrote
to me about this.
And remember: Keep it clean (and I mean your hard
drive).
--------------DAE9390C4C2069C943A39EB1--
Received on Mon Mar 1 05:24:43 1999