Security Advisories
VIRUS
ALERT
Very
Important Information
HAPPY 99 Worm
This virus is being circulated via email by a file attachment usually called
Happy99.exe
If run this file will display a window with a java fireworks display and
Happy New Year! will appear.
At the same time will install itself into your system.
All subsequent emails sent out will have the Happy99.exe attached to them
there by infecting any one who runs it.
You will not know you are sending the attachment until someone tells you that
you sent them Happy99.exe.
Please follow the following instructions to clean your system of this virus.
If you have any problems following these directions please email or call into
the office to speak to technical support.
Removing the worm manually:
- Delete WINDOWS\SYSTEM\SKA.DLL
- Delete WINDOWS\SYSTEM\SKA.EXE
- In WINDOWS\SYSTEM\ directory, rename WSOCK32.DLL to
WSOCK32.BAK
- Do not delete WSOCK32.BAK if there is no file called
WSOCK32.SKA if this is the case
please call technical support for more directions.
- In WINDOWS\SYSTEM\ directory, rename WSOCK32.SKA to
WSOCK32.DLL
- Delete the downloaded file, usually named HAPPY99.EXE
- The worm also creates the registry entry
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Ska.exe="Ska.exe
if you are comfortable using REGEDIT, you can delete this entry.
Windows prevents you from doing step #3 and #4 above if the
machine is still connected to the Internet. The file
"windows\system\wsock32.dll" is used whenever the machine is
connected to Internet (i.e. through dial-up or LAN connection). If it prevents
you from deleting those files disconnect any connection you may have, restart
your machine and follow the instructions again.
This is sufficient to remove the worm.
Melissa Virus.
So far this virus affects those computers with Microsoft Office and/or Outlook
installed.
This virus checks for a setting in the registry to test if the system has
already been infected.
This virus checks for low security in Office2000 by checking the value from
the registry;
while the value HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security\"Level"
is not null,
disable "MACRO/SECURITY" menu option. Otherwise Word97 menu option
"TOOLS/MACRO" is disabled.
This virus creates an Outlook object using Visual Basic instructions and reads
the list of members from the address book. An email message is created and
sent to the list of first 50 recipients created with the subject
"Important Message From" Application.UserName, with a body text of
"Here is that document you asked for ... don't show anyone else
;-)". The active infected document is attached and the email is sent. The
document text contains a list of pornographic web sites.
This virus creates an entry in the registry - HKEY_CURRENT_USER\Software\Microsoft\Office\"Melissa?"
= "... by Kwyjibo" if you are comfortable using
REGEDIT, you can delete this entry.
|
.jpg)
