This pathogen or worm as it is improved described is trustworthy to newsgroup as well as e-mail messages as an connection called Happy99.exe. You cannot get putrescent with this pathogen usually by celebration of a mass a newsgroup or e-mail message. You have to govern a connection by opening it. Generally, a chairman who sent it does not know which they have been promulgation it out. If we didn’t govern a attachment, we can usually undo it as well as pierce on. If we govern an putrescent attachment, it will arrangement a firework display, once a been activated any email we send will have a record attached. When someone else opens it, a pathogen spreads as well as a drop continues.
Here’s how Happy99.exe infects your system:
It will emanate dual files in a Windows System folder, SKA.EXE as well as SKA.DLL. SKA.EXE will be a duplicate of HAPPY99.EXE. It will duplicate a strange WSOCK32.DLL to WSOCK32.SKA. Then it will cgange WSOCK32.DLL though becoming opposite a distance so it will try to run SKA.DLL whilst posting to Usenet as well as promulgation E-Mail. The SKA.DLL record will silently insert HAPPY99.EXE to a second duplicate of effusive newsgroup as well as e-mail messages with a hardly noticable delay.
It does not cgange any alternative record upon top of WSOCK32.DLL. WSOCK32.DLL is a unchanging partial of Windows which provides a connnection to a Internet. If it is incompetent to cgange WSOCK32.DLL, afterwards it will supplement SKA.EXE to a RunOnce territory of a registry as well as WSOCK32.DLL will be mutated subsequent time a mechanism starts. It will still emanate WSOCK32.SKA even if it is incompetent to cgange WSOCK32.DLL. This pathogen will keep a list of summary recipients in a record LISTE.SKA in a Windows System folder. It will try not to send a Happy99.exe record twice to a same person.
Since it gets upheld along a lot, a opposite pathogen could insert to HAPPY99.EXE somewhere along a way. Without SKA.DLL as well as SKA.EXE, a mutated WSOCK32.DLL cannot perform any viral action. However regulating a mutated WSOCK32.DLL could equates to problems whilst upon a Internet. The many usual complaint which has been reported is shabby page faults, though these can have alternative causes. Restoring a strange WSOCK32.DLL will scold these problems.
This pathogen does not start Macs, DOS, Windows 3.x, OS/2, Linux or WebTV. However, someone regulating a single of those could pass it along manually, for e.g. by forwarding a message. Under Windows NT it will emanate SKA.EXE, SKA.DLL, as well as WSOCK32.SKA though will destroy to supplement itself to a registry or cgange WSOCK32.DLL. If we have NT, we do not have to follow a dismissal steps; we can simply undo SKA.DLL as well as SKA.EXE from inside Windows NT if we would like.
Some people have asked possibly it is regularly called HAPPY99.EXE. This pathogen doesn’t enclose any formula to shift a name. However, it would be elementary for a chairman to shift it to anything they like.
It contains a encrypted text:
“Is it a virus, a worm, a trojan? MOUT-MOUT Hybrid (c) Spanska 1999.”
Automatic Removal of Happy99.exe
Download a following file, unzip it as well as run it in Windows95 or Windows 98 by double-clicking upon it. This tiny module will perform a stairs seen in a primer dismissal process with no user intervention. Once a module is run, your complement will wish to reboot. This contingency occur to utterly mislay a happy99.exe worm.
Craig Schmugar’s Happy99Cleaner module (click to download)
Another Happy99.exe Remover (click to download)
Manual Removal of Happy99.exe
Steps noted discretionary have been not positively required as well as have been utterly protected to skip. If you’re not gentle with DOS, get someone knowledgable to assistance we with this. we cannot have guarantees of undiluted reserve given a a primer removal, Perform these during your own risk. If we have Windows NT, we do not have to follow a dismissal steps.
1. Click Start, afterwards Shut Down, afterwards “Restart Computer in MS-DOS mode”, afterwards click Yes. It’s critical to exit Windows in sequence to be equates to to reinstate a record WSOCK32.DLL which Windows routinely has in use.
2.At a DOS prompt sort this only as well as press come in during a finish of any line:
CD \WINDOWS\SYSTEM
3. Delete SKA.EXE as well as SKA.DLL by typing
DEL SKA.EXE
DEL SKA.DLL
If we get “File not found” you’re possibly not putrescent or in a wrong directory. Make certain you’re in your Windows System directory; check to see if we followed step 2 exactly.
4.Copy WSOCK32.SKA to WSOCK32.DLL by typing
ATTRIB -R WSOCK32.DLL
COPY WSOCK32.SKA WSOCK32.DLL
Answer “Yes” if it asks if we wish to overwrite WSOCK32.DLL.
WSOCK32.SKA is a backup of a strange WSOCK32.DLL. You have been replacing a mutated DLL with a original. If we get a “Sharing violation” have certain we followed step 1.
5.Optional Delete WSOCK32.SKA by typing
DEL WSOCK32.SKA
You can leave WSOCK32.SKA upon your system. It is a duplicate of your strange WSOCK32.DLL Do not undo WSOCK32.SKA if we have been incompetent to reinstate WSOCK32.DLL with WSOCK32.SKA.
6.Return to Windows by typing
EXIT
7.Optional Delete Windows Registry Key.
Click Start, afterwards Run, afterwards sort regedit in a content box, afterwards click OK. Click HKEY_LOCAL_MACHINE, afterwards Software, afterwards Microsoft, afterwards Windows, afterwards CurrentVersion. Under RunOnce check for SKA.EXE as well as name it if it is there. Press undo as well as afterwards click Yes. Close Regedit. Don’t shift anything else though creation a backup of a registry first. If we do not find SKA.EXE in a registry, it doesn’t meant you’re not infected. SKA.EXE is usually combined to a registry if HAPPY99.EXE is incompetent to cgange WSOCK32.DLL when we run it. Also, you’ll usually find it in a registry if we haven’t rebooted given we ran HAPPY99.EXE.
8.Optional Choose Start, Programs, Accessories, Notepad, select File, afterwards Open afterwards sort C:\WINDOWS\SYSTEM\LISTE.SKA in a File Name box. Warn a people upon a list, afterwards undo LISTE.SKA. Make it transparent to a people we advise which they won’t be putrescent unless they ran happy99.exe, to equivocate shocking them unnecessarily. If we haven’t sent out any putrescent e-mails, there won’t be a LISTE.SKA.
9. Optional Delete a HAPPY99.EXE file. The place of HAPPY99.EXE will change depending upon where we saved it. You can undo it simply by boring it to a Recycle Bin from inside of Windows or whatever process we prefer. You competence still have a little messages with HAPPY99.EXE trustworthy in your mailbox. These cannot do anything unless we run them. You can undo them if we wish to or usually omit them. 10.Optional If we aren’t certain possibly WSOCK32.DLL is infected, select Start, afterwards Find, afterwards “Files or Folders”. Then sort WSOCK32.DLL in a “Named” box. In a “Look in” box select expostulate C: or whatever expostulate we have Windows on. In a “Containing Text” box sort “ska.dll” though a quotes. Then click “Find Now”. If we do not find any files, which equates to which wsock32.dll isn’t a mutated version. If we do not have a mutated WSOCK32.DLL, a pathogen has no approach to insert to e-mails, even if we have SKA.EXE, SKA.DLL, as well as WSOCK32.SKA in a Windows System folder. If we have SKA.EXE in a RunOnce registry section, as well as we haven’t deleted SKA.EXE, afterwards a pathogen will try to cgange WSOCK32.DLL a subsequent time we restart a computer.
Make certain we sort a instructions only together with spaces as well as punctuation. You competence wish to imitation out a dismissal instructions so we have something to impute to. If you’re carrying difficulty with a DOS commands, get a internal chairman to assistance we with them. It’s tough to know only how you’re typing a DOS commands as well as what your expect incident is though saying it in person.