> Is this for real or just some more Linnhoff Bull@8&%
> You gotta watch this guy all the time.
This one is real. You get it by >>RUNNING<< the HAPPY99 program that
is attached to the message. A good reason not to run anything that
comes attached to the e-mail unless you >>KNOW<< what it is.
Here is the information from the Woody's Office Watch Newsletter:
(Woody is the author of a series of very good books on how to make
Microsoft Office and Windows do what you want.)
Information on his newsletters is on http://www.woodyswatch.com
A NOT-SO-HAPPY(99) COMEUPPANCE ~~~~~~~~~~~~~~~~~~~~~~~~
As I readily admit to anyone who'll listen, I do dumb
things all the time. The incident I'm about to describe is
probably the dumbest thing I've done since I said those bad
things about Visual Basic 6. (In case you didn't see that
debacle, I retracted all of my ranting in the very next
issue of WOW and apologized profusely because, well, I was
about 10,000% wrong.)
Here's the story. As you might imagine, I get a lot of
email. Sometimes I just put my brain on autopilot,
particularly when I'm zooming through short messages. I
know that's not very convincing, but it's the only excuse I
have.
On Monday of this week I received an email message from a
guy I'd been talking with for a while. Smart guy. I hope he
writes some FrontPage stuff for WOW. Anyway, this message
was blank, but it had an attached program called
HAPPY99.EXE. I blithely double-clicked on the attachment,
and was greeted with a "Happy New Year 1999" message along
with a bunch of digital fireworks.
I sent out a couple of messages. And then I suddenly
remembered. In last week's WOW, we wrote these words:
"So be wary of any incoming file, don't run or open it
directly... Instead, save the file to your hard drive then
run your anti-virus software to check it. Of course, this
is a recent development so you must have the latest
anti-virus updates to check for this worm. If you want to
make sure, look through the list of viruses scanned for
'Happy99'."
Oh %$#@!
Guess what? I got infected with the W32.SKA worm (also
known as the "Happy99 virus"). Fortunately, I caught it
before it could "take" - and I didn't infect anyone else.
(You have to re-start Windows before the bloody thing hooks
into your system.)
I checked the Norton Web site listed in last week's WOW, as
well as the McAfee description at
http://beta.nai.com/public/datafiles/valerts/vinfo/w32ska.htm
. And I disinfected myself by following these steps
(they're probably overkill, but at least it's thorough!):
1. Delete ska.exe and ska.dll from the \windows\system folder.
2. Delete the Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Ska.exe="Ska.exe"
3. Restart in MS-DOS mode.
4. Navigate to \windows\system using, say, CD system
5. Run these two DOS commands to restore the old Winsock file:
REN wsock32.dll wsock32.bad
REN wsock32.ska wsock32.dll
6. Restart Windows
So much for Happy99. I promise I won't be that dumb again.
For a few months, anyway.
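
The file steps of the cleanup quoted above (1, 5), as an added example that is not part of the original message or the newsletter: it plans the deletes and renames for a given folder and only sets wsock32.dll aside when wsock32.ska is there to replace it. The function names and the fake folder contents are assumptions made for the example, and the Registry step is not covered.

```python
import os
import tempfile

# File names taken from the cleanup steps above; matching is case-insensitive
# because the page itself writes both "ska.exe" and "Ska.exe".
DROPPED = ("ska.exe", "ska.dll")
BACKUP, LIVE, QUARANTINE = "wsock32.ska", "wsock32.dll", "wsock32.bad"


def plan_cleanup(system_dir):
    """Return the ordered file actions for system_dir without changing anything."""
    present = {name.lower(): name for name in os.listdir(system_dir)}
    plan = [("delete", present[n]) for n in DROPPED if n in present]
    if BACKUP in present:
        # Only set the live DLL aside when the saved original exists to replace it.
        if LIVE in present:
            plan.append(("rename", present[LIVE], QUARANTINE))
        plan.append(("rename", present[BACKUP], LIVE))
    return plan


def apply_plan(system_dir, plan):
    """Carry out a plan produced by plan_cleanup()."""
    for action in plan:
        if action[0] == "delete":
            os.remove(os.path.join(system_dir, action[1]))
        else:
            os.replace(os.path.join(system_dir, action[1]),
                       os.path.join(system_dir, action[2]))


def demo():
    """Build a constructed, fake infected folder and clean it."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("Ska.exe", b"worm"), ("SKA.DLL", b"worm"),
                           ("WSOCK32.DLL", b"patched"), ("WSOCK32.SKA", b"original")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)
        plan = plan_cleanup(d)
        apply_plan(d, plan)
        with open(os.path.join(d, LIVE), "rb") as f:
            restored = f.read()
        return plan, sorted(os.listdir(d)), restored


if __name__ == "__main__":
    print(demo())
```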