Virus on email

 

Happy99         Melissa         Worm.Explore.zip

Adjust Sound Adjust Sound

 

 
Happy99.exe

 

When you receive an e-mail message with an attachment on it called "HAPPY99.exe", don't open it because it is a virus. You can't get infected with it by just reading your mail. When you execute the HAPPY99, it will display a fire work on your screen.  It looks like this.
 
happy99

The sender of the e-mail doesn’t know that he send the HAPPY99.exe because he didn't know he is effected. The virus attach itself when a e-mail is send under HAPPY99.exe.

However, when you've got the virus you can rename it and send it with your mail as a attachment. But be aware, when the receiver opens it and he knows HAPPY99.exe, he knows that you send it. Even good friends ?

HAPPY99.exe will create two files in the Windows System folder, SKA.EXE (a copy of HAPPY99.exe) and SKA.DLL.   It makes also a backup of WSOCK32.DLL under the name of WSOCK32.SKA.

WSOCK32.DLL is a regular part of Windows that provides a connection to the Internet. If it is unable to modify WSOCK32.DLL, then it will add SKA.EXE to the RunOnce section of the registry and WSOCK32.DLL will be modified next time the computer starts.

The modified WSOCK32.DLL will attach HAPPY99.EXE to a second copy of outgoing e-mail messages.

This virus will keep a list of message recipients in the file LISTE.SKA in the Windows System folder.  The outgoing message contains the header : " X-Spanska: Yes" but is normally not visible.  This virus doesn't contain any code to change the name. However, it would be simple for a person to change it to anything they like.
It contains the encrypted text: "Is it a virus, a worm, a Trojan? MOUT-MOUT Hybrid (c) Spanska 1999."

 

the RunOnce in HKEY_LOCAL_MACHINE\

 

Removal

Click Start, then Shut Down, then "Restart Computer in MS-DOS mode", then click Yes.
At the DOS prompt type:
CD \WINDOWS\SYSTEM
Delete SKA.EXE and, SKA.DLL by typing "DEL SKA.EXE" and "DEL SKA.DLL"
If you get "File not found" you're not infected.
Copy WSOCK32.SKA to WSOCK32.DLL by typing "COPY WSOCK32.SKA WSOCK32.DLL"
If it asks you to overwrite WSOCK32.DLL answer "Yes"
Optional : delete WSOCK32.SKA by typing "DEL WSOCK32.SKA"
Return to Windows by typing : "EXIT"
Optional : click Start, Run, type regedit in the text box, click OK. Click HKEY_LOCAL_MACHINE, Software, Microsoft, Windows, CurrentVersion. Under RunOnce check for SKA.EXE and select it if it is there. Press delete and then click Yes. Close Regedit.


 

Virus "Melissa"

 
New virus "Melissa" in circulation.
Recently ' end of March 99, there was a dangerous virus in circulation .  In the VS there were that weekend serious problems at universities, big firms, governement- and militarie institutes.
The virus is called "Melissa" and spread with Word-macro's and emails.
When you receive a email with the message: "Here is the item you asked for.  Show it to nobody."  with an attachment of a word document ( "list.doc"  40 Kb) from a sender, don't open it when you have Microsoft Outlook or Microsoft Outlook Express.  It activates the virus.
When the word-macro asked you to open this document, don't.   Answer NO.
When you receive a email with subject: "Important message from....(sender, mostly a know person).." don't open it.  This message is send by the virus itself.  Opening the email is not dangerous, the virus is activated when you open the word-attachment "list.doc.  Just delete the email and no harm is done.
The virus will send a message to the first 50 email adress of Outlook Express.  The virus itself isn't very damaging.  No documents are infected or data erased.  However, the huge amount of emails will loaded the servers a lot and eventually they crash.
When the virus is opened at the time set on the virus, word-documents could be infected.
The virus "papa" came from "melissa" and infect excel-files and is spreaded by excel-files.
P.S. The maker and sender of that virus was tracked down by the FBI.
Carnegie Mellon University First new website after 5 years of the Computer Emergency Response Team (CERT)
Commandcom melissa
Public Datafiles melissa
Symantec Avcenter mailissa
Antivirus Alerts Melissa melissa
Housecall Antivirus Explorer search on line if your PC is efected by Melissa


 

Worm.Explore.Zip

 

A new dangerous e-mail virus, worm  " Worm.Explorer.Zip " on the net.
It activites itself when you open a zipped_files.exe. A new email virus paralyse, shut down worldwide computers.   It was launched last Monday 7 Jun, it was first seen in Isra�l from where it spreads out over the world.  The virus already shut down computer systems of firms like Boeing, General Electric, BSkyB-net, IFR Asia Magazine and Compaq.  Also the software giant Microsoft was hit.
The virus is spread by e-mail, the worm arrives as an attachment to an e-mail message and infect only the users with a Windows-platform from Microsoft.

The worm is an executable program named "zipped_files.exe" that appears to be a self extracting ZIP archive. It arrives as an attachment to an e-mail message with the following content:

     Hi !

     I received your email and I shall send you a
     reply ASAP.
 
     Til then, take a look at the attached zipped
     docs.

     bye

This virus is more dangerous than Melissa, launched some month ago.  It delete all Microsoft documents like Word, Excel and PowerPoint files and computor program source files. The sabotage program is spread true mostly Microsoft programs like Exchange and Outlook.  Apple computers get not infected.
The new virus is only detected ( still now) when new updates are made for antivirus programs like Symantec (Norton Antivirus), Network Associates (Dr.Solomon Antiviruskit) or DataFellows (F-Prot). Infections with ExploreZip are easy to detect. Press Ctrl-Alt-Del and open the Task Manager. Note the task named Zipped_file (Zipped_files.ex on Windows NT). This is the running worm program. To stop it, select Zipped_file (or Zipped_files.ex) and click End Task. If you have restarted your system since the infection, you will see the process Explore (_setup.exe on Windows NT) instead of Zipped_file. Again, to stop that process, select it and click End Task. Do not confuse the task Explore with the task Explorer as they are different. The Explorer task is the Windows explorer program.
All users are cautioned to think before double clicking on a file included as an attachment to any e-mail message, even if that message appears to come from a friend. If that attachment is a Microsoft Office document and you have macro detection turned on, then you can double click the attachment and the macro detection capability will stop the document from loading if it contains a macro program. It will then give you the choice to enable or disable the macros. Remember, disable macros unless you are expecting to receive them.
 
Computer Incident Advisory Capability. U.S.Department of Energy CIAC Computer Incident Advisory Capability. Detecting an infection, description of removel.
McAfee.com McAfee
McAfee Viruses explorezip McAfee


Download this full trial version from AVP (Anti Virus Protection), see at Trial Versions
Anti Virus Experts: Your First, Last, and Only Line of Defense

Anti Virus Experts, AVX 2000 Professional Evaluation, FULLY FUNCTIONAL for 30 days

You're not alone.

Top

  mailto Michel Beyens

Happy99-Melissa-Worm.Explore.zip | I Love You worm | PrettyPark
Internet Explorer | email | Backdoors | PC | Macro Warning | Virus Warning

HomePage | Overview Pages
Calpe-Spain | Entertainment | Favorite | Hockey | Reefaquarium | Virus

Sign My Guestbook Go to GuestWorld Lycos View My Guestbook