How to get rid of the Happy99 virus
technofile  by al fasoldt

Columns and commentaries in a life-long dance with technology

March 23, 1999

From: Steve Reiter

This is a personal rendition of my experience with the Happy99 virus; it is not a hoax warning. Some of you will receive two copies of this notice, as you are listed in different groups in my address book.

About 2 weeks ago I received an e-mail from an acquaintance. It had an attachment, which I opened. It had the label "Happy New Year '99" and when opened was a moving picture of fireworks. I deleted it. Repeat: I deleted it.

Shortly thereafter, I received a couple of e-mails asking what the attachment was that couldn't be opened. I didn't know about any attachment, since I hadn't sent any, and a review of my "Sent" folder did not show any attachments to the e-mails to these people. If you're one of these people, consider yourself lucky.

Some other people started thanking me for the fireworks, as it made their day. My apologies for being in the middle of this.

In any case, when you send off an e-mail, the virus sends a second message, including itself as an attachment. As far as I can tell, it doesn't do it every time, and it doesn't do it to everyone. But I've now received the same virus from the same person. Since it is invisible to the sender, you don't even know you've got it until something goes wrong. One person I know could no longer send his own attachments. Last night, when he told me that he discovered what was causing his problem, I sent myself a message, attaching a small file. While I sent one message, I received two messages. And while both had the same Subject: line, one had my test attachment and one had a copy of the virus. So much for looking for confirmation.

Both Norton and McAfee antivirus programs now have a virus detector (at least for Windows - and I'm not sure that the virus affects Macs). Make sure, when you run the new virus protocols, that you have your options set for ALL Programs, not just for executable programs. I will tell you below how to fix it (at least on Windows '98... my guess is it will be very similar in '95).

IF YOU DON'T HAVE AN ANTIVIRUS PROGRAM, by all means, get one. But I will tell you what to do to fix this one. Be it known that I am not a specialist in this area, so take my advice for what it's worth. However, it is pretty clear to me that what I'm going to tell you is what worked for me (and I ended up talking to the Norton people as I got confused by some contradictory information in their program).

Before I forget, before I knew I had a virus, I noticed that there was a file named "it.exe" on a floppy I had recently used to transfer files from another computer. As it turned out, this file was the same executable file that caused the problem in the first place. So you will have to scan your floppies and ZIP drives, etc. I just threw the two floppies I had used recently into the trash.

For Windows '98, the virus did the following:

It added three files to my c:\windows\system folder, as follows:

Two of them had the following names: SKA.DLL SKA.EXE

The virus then did the following: it renamed the WSOCK32.DLL file WSOCK32.SKA, and then put its own file into the folder under the name WSOCK32.DLL.

So to correct the situation, do the following:

You will need to delete all the files that may have touched this virus in your e-mail program. I just deleted everything in my Sent folder and then everything in the "deleted items" folder (elsewhere called "trash"). You may need to leave the program in order for this stuff to go into the Windows Recycle Bin.

Find the Recycle Bin on your desktop. Click on it with the right mouse button. Left-click on "Empty Recycle Bin". If you have a "protected" recycle bin, left-click on those words, as well.

That's it. Remember, seek professional advice, if you feel the need. I've just told you what I know, based on what I've done and what I've been told. I do believe it is an accurate representation (at least for Windows '98).

Good luck.

And Hey... if you see an attachment from me with the name "Happy New Year '99," please do let me know.

Steve Reiter
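
The file artifacts named in the letter above (SKA.EXE, SKA.DLL, and WSOCK32.SKA sitting beside a replaced WSOCK32.DLL), turned into a read-only check. This is an added example, not part of Steve Reiter's letter or the Technofile page; the function names, verdict labels and the constructed test directories are assumptions for illustration.

```python
import os
import tempfile

# File names taken from the account above; matching is case-insensitive
# because FAT/Windows file names are.
DROPPED = ("SKA.EXE", "SKA.DLL")      # files the letter says were added
RENAMED_ORIGINAL = "WSOCK32.SKA"      # original WSOCK32.DLL after the rename
REPLACED = "WSOCK32.DLL"              # name the virus's own file took over


def check_system_dir(path):
    """Report which Happy99 artifacts named in the letter exist in `path`.

    Read-only: lists the directory, never deletes or renames anything.
    """
    present = {name.upper() for name in os.listdir(path)}
    found = [n for n in DROPPED + (RENAMED_ORIGINAL,) if n in present]
    if RENAMED_ORIGINAL in present and REPLACED in present:
        verdict = "winsock-replaced"   # WSOCK32.DLL here is likely not the original
    elif found:
        verdict = "partial"            # leftovers, e.g. after incomplete cleanup
    else:
        verdict = "no-artifacts"
    return {"found": found, "verdict": verdict}


def demo():
    """Run the check against constructed directories (not real samples)."""
    results = {}
    layouts = {
        "clean": ["wsock32.dll", "kernel32.dll"],
        "infected": ["Ska.exe", "ska.dll", "WSOCK32.DLL", "wsock32.ska"],
        "leftover": ["SKA.DLL", "WSOCK32.DLL"],
    }
    for label, names in layouts.items():
        with tempfile.TemporaryDirectory() as d:
            for name in names:
                open(os.path.join(d, name), "wb").close()  # empty placeholder
            results[label] = check_system_dir(d)
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

On a real machine the directory to pass is the one the letter names, c:\windows\system; the script reports what it finds and changes nothing.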
