Subject: | |
From: | |
Reply To: | |
Date: | Sat, 13 Mar 1999 16:36:10 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Patty Jansen wrote:
>
> Dear all,
>
> I received the virus through a Conch-L digest posting, deleted it from the
> directory, and then from the trash without touching it. That works well. I
> presume everybody in Conch-land has now been infected. it is easy to get
> rid of, so is not too bad (prefer this variety to orchid viruses)
This works well as it has not been initiated, but if you see the
fireworks (i.e. you clicked on it) then you have to follow the
directions about what files to delete, and what has to be renamed.
Removing the happy99 exe file only removes the "install file", the
actual worm is "ska.exe", and it will rebuild the attachment. At the
risk of copyright infringement, here are the instructions if this has
been initiated:
Removing the worm manually:
1.delete WINDOWS\SYSTEM\SKA.EXE
2.delete WINDOWS\SYSTEM\SKA.DLL
3.in WINDOWS\SYSTEM\ directory, rename WSOCK32.DLL to WSOCK32.BAK
4.in WINDOWS\SYSTEM\ directory, rename WSOCK32.SKA to WSOCK32.DLL
5.delete the downloaded file, usually named HAPPY99.EXE
Windows prevents you to do step #3 and #4 above if the machine is
still connected to the Internet. The file "windows\system\wsock32.dll"
is used whenever the machine is connected to Internet (i.e.through
dial-up or LAN connection).
For other scenarios such as being on AOL, see the web site I quoted in
the last email. Don't be too cavalier with this one, you might only
_think_ it's gone!
Regards,
John Hooker
--
Visit our Website at http://www.writer2001.com
Coriosolite Expert System...Animation...Poetry...Books
Hooker & Perron, Total Project Coordination
Technical Writing...Graphics...Maps...Colour Suites...Expert Systems
|
|
|