Happy99, ska trojan.
 Information
about Happy99, ska trojan :
Happy99 is a Win32 based Trojan program.
When this program is executed it will display some fireworks. Apart from
the fireworks display this programwill do some other activity in the background
without the user's permission.In the background this program will create
two files SKA.EXE and SKA.DLL.It will alter WSOCK32.DLL to put its code
into that file and keep the originalfile as WSOCK32.SKA. It can not modify
the WSOCK32.DLL file if it is inuse. In such a case this program will add
an entry to the Windows Registryto run SKA.EXE the next time the computer
is booted so that it can do thesemodifications. The size of this trojan
file is 10000 bytes.
You will not get infected by Happy99
merely by downloading the trojanfile. You will have to execute it to get
infected.
The modified WSOCK32.DLL has routines to
detect the email and newsgrouppostings made by the user. It will send a
copy of the SKA.EXE file renamedas happy99.exe to every user or newsgroup
to whom the user has sends anemail. Each recipient will get the email only
once and the trojan willnot send repeat email to the same user. It will
send a separate email retainingthe subject of the first email with the
file as an attachment. The trojanalso maintains the file LISTE.SKA which
contains the list of all emailaddresses and newsgroups to which this file
has been sent. The unique functionof this trojan is that it can spread
on its own.
Happy99 first appeared in January 1999
and it is reported to have affecteda lot of users.
Other
names of Happy99 virus:
This worm is also known as win32.ska.a,
ska, wsock32.ska and ska.exe.
What
is Happy99 ? Trojan ,virus or worm ?
This program can only be classified as
a Trojan. It is not a virus asit does not replicate itself. It does not
attach itself any other fileor program. It is also not a worm as even though
it can spread on its own,it needs to be executed to get control. A worm
is capable of spreadingand infecting the target computer on its own. Happy99/Ska
is a trojan withthe capability to distribute itself.
Referto
Happy99 FAQ page if you have any problem while removing this trojan.
Removing
Happy99 virus from your computer:
You can remove this virus from your computer
by using Protector Plus antivirus software.
You can download the Evaluation
Copies of
Protector Plus antivirus software for these operating systems:
   
You can also remove this trojan manually
from your computer. To do that,first check the WINDOWS\SYTEM folder
for the presence of these files.
1. SKA.EXE
2. SKA.DLL
3. WSOCK32.SKA
If you find these files then you have been
attacked by the Happy99 Trojan.To remove this trojan do the following:
1. Delete SKA.EXE, SKA.DLL and WSOCK32.DLL
2. Rename WSOCK32.SKA as WSOCK32.DLL
Make sure that you have WSOCK32.SKA
file before deleting WSOCK32.DLLand ensure that you have renamed this file
properly. You may have to closeyour Browser, Email software, etc. to delete
and rename the DLL files.
You will have to use an antivirus software
capable of detecting thistrojan to ensure that you do not have this file
anywhere in your hard disk.You can use Protector Plus for that purpose.
Refer
to Happy99FAQ page if you have any problem while removing this trojan.
|
