Loading ...
Sorry, an error occurred while loading the content.

[gthomas] Happy99.exe email virus

Expand Messages
  • Stevan Davies
    I have received (but thankfully not opened) two copies of a virus-program sent by email in the past week, once through a list. It will come as an attachment
    Message 1 of 1 , Feb 24, 1999
    • 0 Attachment
      I have received (but thankfully not opened) two copies of
      a virus-program sent by email in the past week, once through
      a list. It will come as an attachment usually labeled

      Happy99.exe

      Deleting any email that contains this attachment will keep you
      from trouble. If you run the file, your system will proceed to
      send it to others.

      Happy99.exe is a Win32 based Trojan program. When this program is
      executed it will display some fireworks. Apart from the fireworks
      display this program will do some other activity in the background
      without the user's permission. In the background this program will
      create two files SKA.EXE and SKA.DLL. It will alter WSOCK32.DLL
      to put its code into that file and keep the original file as WSOCK32.SKA.
      It can not modify the WSOCK32.DLL file if it is in use.
      In such a case this program will add an entry to the Windows Registry
      to run SKA.EXE the next time the computer is booted so that it can do
      these modifications. The size of this trojan file is 10000 bytes.

      You will not get infected by Happy99 merely by downloading the trojan file.
      You will have to execute it to get infected.

      The modified WSOCK32.DLL has routines to detect the email and
      newsgroup postings made by the user. It will send a copy of the
      SKA.EXE file renamed as happy99.exe to every user or newsgroup to
      whom the user sends an email.

      Each recipient will get the email only
      once and the trojan will not send repeat email to the same user. It will
      send a separate email retaining the
      subject of the first email with the file as an attachment. The trojan also
      maintains the file LISTE.SKA which contains the list of all email addresses
      and newsgroups to which this file has been sent. The unique function of
      this trojan is that it can spread on its own.

      For more information and removal advice, see

      http://www.pspl.com/trojan_info/win32/happy99.htm

      or see

      http://www.symantec.com/avcenter/data/happy99/worm.html

      Steve

      ------------------------------------------------------------------------
      eGroup home: http://www.eGroups.com/list/gthomas
      Free Web-based e-mail groups by eGroups.com
    Your message has been successfully submitted and would be delivered to recipients shortly.