RootsWeb.com Mailing Lists
[GAPOLK-L] VIRUS WARNING FROM THE LISTOWNER !
D. Scott Dingler

I have received several copies of the HAPPY99 VIRUS (or WORM) from email that was sent to ROOTSWEB MAILING LIST over the last few days. Please read the following message.

D. Scott Dingler
Listowner

I borrowed this explanation from my colleague who has the SCROOTS list. He is a computer guru. Please read carefully.

DO NOT SEND ANY MESSAGES TO THE LIST ABOUT THIS PLEASE!!!

NOTE: This warning is the exception to the rule. Do not follow this as an example and start sending virus warnings to the forum. This type of message is OFF TOPIC in the forum, unless posted by the Forum Manager.

I've recently received several emails from various people containing an attached file named HAPPY99.EXE. Some of these were from Forum members. Some were addressed to the Forum, but they were blocked by our automatic screening program.

The HAPPY99.EXE program is a WORM. See below for more information about what that means. If you receive a message with that file attached don't execute it - delete it immediately.

_______________________

VirusName: Happy99.Worm
Aliases: Trojan.Happy99, I-Worm.Happy

Description:

This is a worm program, NOT a virus. This program has reportedly been received through email spamming and USENET newsgroup posting. The file is usually named HAPPY99.EXE in the email or article attachment.

When being executed, the program also opens a window entitled "Happy New Year 1999 !!" showing a firework display to disguise its other actions. The program copies itself as SKA.EXE and extracts a DLL that it carries as SKA.DLL into WINDOWS\SYSTEM directory. It also modifies WSOCK32.DLL in WINDOWS\SYSTEM directory and copies the original WSOCK32.DLL into WSOCK32.SKA.

WSOCK32.DLL handles internet-connectivity in Windows 95 and 98. The modification to WSOCK32.DLL allows the worm routine to be triggered when a connect or send activity is detected. When such online activity occurs, the modified code loads the worm's SKA.DLL. This SKA.DLL creates a new email or a new article with UUENCODED HAPPY99.EXE inserted into the email or article. It then sends this email or posts this article.

If WSOCK32.DLL is in use when the worm tries to modify it (i.e. a user is online), the worm adds a registry entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce=SKA.EXE

The registry entry loads the worm the next time Windows starts.

Removing the worm manually:

1. delete WINDOWS\SYSTEM\SKA.EXE
2. delete WINDOWS\SYSTEM\SKA.DLL
3. replace WINDOWS\SYSTEM\WSOCK32.DLL with WINDOWS\SYSTEM\WSOCK32.SKA
4. delete the downloaded file, usually named HAPPY99.EXE

Safe Computing:

This worm and other trojan-horse type programs demonstrate the need to practice safe computing. One should not execute any executable-file attachment (i.e. EXE, SHS, MS Word or MS Excel file) that comes from an email or a newsgroup article from an unknown or an untrusted source.

Norton AntiVirus users can protect themselves from this worm by downloading the virus definitions updates released on Jan 28, 1999 or later either through LiveUpdate or from the following webpage:

http://www.symantec.com/avcenter/download.html

Write-up by: Raul K. Elnitiarta - January 28, 1999

___________________

For more information regarding viruses see the following sites.

http://www.mcafee.com/
http://www.symantec.com/avcenter
http://www.symantec.com/avcenter/venc/data/happy99.worm.html
http://www.earthlink.net/daily/tuesday/macroviruses
http://www.cyberramp.net/hoax.htm

Unsolicited, unexplained attachments are unacceptable!

"... you CAN get a virus by reading an attachment in an email message, such as an MS Word or Excel document, which is infected by a macro virus. You can also get a virus by running an executable program (such as *.exe , *.com or *.bat) someone e-mails you as an attachment."
-- SOURCE: http://www.cyberramp.net/hoax.htm

Food For Thought: If the one that holds our future is the one that holds our hand, we will always have reason to give thanks for we will surely be blessed.

Check out my Genealogy home page at http://www.mindspring.com/~sdingler/
Check out the Mailing Lists at http://www.rootsweb.com/~maillist/

D. Scott Dingler
711 Robin Court
Woodstock, GA 30188

*********************************************************
*                                                       *
*  JESUS OUR SAVIOR WILL CARRY US ALL THE WAY !!!!!!!   *
*                                                       *
*********************************************************

    02/12/1999 07:28:01
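
The manual removal steps in the write-up above can be turned into a read-only check. This is an added example, not part of the original message or of the Symantec write-up: it looks in a given SYSTEM directory for the files the write-up names and reports which removal steps still apply. The function names, the `runonce_values` input and the sample directory are assumptions constructed for illustration.

```python
import filecmp
import tempfile
from pathlib import Path, PureWindowsPath

# File names from the write-up; matched case-insensitively, as Windows does.
DROPPED = ("SKA.EXE", "SKA.DLL")
BACKUP, PATCHED = "WSOCK32.SKA", "WSOCK32.DLL"


def find_ci(directory, name):
    """Return the file called `name` in `directory`, ignoring case, or None."""
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.upper() == name.upper():
            return entry
    return None


def happy99_findings(system_dir, runonce_values=()):
    """List which of the write-up's removal steps still apply.

    runonce_values: command strings the caller read from the RunOnce key
    (hypothetical input; this sketch does not read the registry itself).
    """
    findings = []
    for name in DROPPED:
        if find_ci(system_dir, name):
            findings.append(f"delete {name}")
    backup, live = find_ci(system_dir, BACKUP), find_ci(system_dir, PATCHED)
    if backup and (live is None or not filecmp.cmp(backup, live, shallow=False)):
        # The original DLL survives as WSOCK32.SKA and differs from the live one.
        findings.append(f"replace {PATCHED} with {BACKUP}")
    for value in runonce_values:
        if PureWindowsPath(value.strip().strip('"')).name.upper() == "SKA.EXE":
            findings.append("RunOnce loads SKA.EXE at next Windows start")
    return findings


def demo():
    """Run the check against a constructed SYSTEM directory."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("Ska.exe", b"x"), ("SKA.DLL", b"y"),
                           ("wsock32.dll", b"patched"), ("WSOCK32.SKA", b"original")]:
            (Path(d) / name).write_bytes(data)
        return happy99_findings(d, ["SKA.EXE"])


if __name__ == "__main__":
    print("\n".join(demo()))
```

The check only reads files; a WSOCK32.SKA that is byte-identical to WSOCK32.DLL is treated as an already restored system and produces no "replace" finding.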