Sorry...
- Subject: Sorry...
- From: Catlyn catlyn@xxxxxxxx
- Date: Sun, 21 Mar 1999 02:37:05 -0500
Sorry I was the Trojan horse. And thank you - all - who wrote to tell me
that I had carried the (wood)worm Happy99 to everyone to whom I had
e-mailed since opening the card.
I've been told that if you DO NOT open the card which comes as an
attachment, and just delete it, you're OK. However, Peter Evans
included a step-by-step procedure for cleaning out the worm. And,
Robert Orndorff sent the following site that offers another way of
getting rid of it:
http://www.softseek.com/Utilities/Virus_Protection/Review_23313_index.html?sw
I have already followed Peter's procedure but may check with Robert's to
be sure I'm rid of all straggly tails.
> ** Removal Procedure **
> >
> >Steps marked 'optional' are not absolutely necessary and are
> >absolutely safe to skip.
> >
> >* Click Start, then Shut Down, then "Restart Computer in MS-DOS
> >mode", then click Yes. At the DOS prompt type this exactly and
> >press enter at the end of each line:
> >
> >CD \WINDOWS\SYSTEM
> >
> >If your Windows folder is not called WINDOWS then substitute the
> >name of your Windows folder instead, for example:
> >
> >CD \WIN95\SYSTEM
> >
> >* Delete SKA.EXE and SKA.DLL by typing
> >
> >DEL SKA.EXE
> >DEL SKA.DLL
> >
> >If you get "File not found," you're either not infected or in
> >the wrong directory. Make sure you're in your Windows System
> >directory; check to see if you followed step 2 exactly.
> >
> >* Copy WSOCK32.SKA to WSOCK32.DLL by typing
> >
> >COPY WSOCK32.SKA WSOCK32.DLL
> >
> >Answer "Yes" if it asks if you want to overwrite WSOCK32.DLL.
> >Explanation: WSOCK32.SKA is a backup of the original
> >WSOCK32.DLL made by the virus. You are replacing the modified
> >DLL with the original.
> >
> >* Optional: Delete WSOCK32.SKA by typing
> >
> >DEL WSOCK32.SKA
> >
> >You can leave WSOCK32.SKA on your system. It is a copy of your
> >original WSOCK32.DLL
> >
> >* Return to Windows by typing
> >EXIT
> >
> >* Optional: Click Start, then Run, then type
> >
> >REGEDIT
> >
> >in the text box, then click OK. Click HKEY_LOCAL_MACHINE,
> >then Software, then Microsoft, then Windows, then
> >CurrentVersion. Under RunOnce check for SKA.EXE and select
> >it if it is there. Press delete and then click Yes. Close
> >Regedit. Don't change anything else without making a backup
> >of the registry first. If you don't find SKA.EXE in the
> >registry, it doesn't mean you're not infected. SKA.EXE is
> >only added to the registry if HAPPY99.EXE is unable to
> >modify WSOCK32.DLL when you run it.
> >
> >* Optional: Choose Start, Programs, Accessories, Notepad,
> >choose File, then Open then type
> >
> >C:\WINDOWS\SYSTEM\LISTE.SKA
> >
> >in the File Name box. Warn the people on the list, then
> >delete LISTE.SKA
> >
> >****
>
>
Thank you, Peter - and Robert.
Anyone know: is there a way to prevent being "used" like this? The
person who infected me was also a Trojan, whose warning came too late!
-Catlyn
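
Added example, not part of the original message or of Peter's procedure: a Python check that can be pointed at a copy of the Windows System directory to list which steps of the quoted procedure still apply, including whether WSOCK32.DLL already matches the WSOCK32.SKA backup. The function names and the sample files are assumptions made for illustration; the file names are the ones given in the procedure.

```python
import os, sys, tempfile

# File names come from the removal procedure quoted in the message above.
NAMES = ("SKA.EXE", "SKA.DLL", "WSOCK32.SKA", "WSOCK32.DLL", "LISTE.SKA")

def find_artifacts(system_dir):
    """Return {NAME: path or None}; matching ignores case, as FAT file names do."""
    on_disk = {}
    for entry in os.listdir(system_dir):
        path = os.path.join(system_dir, entry)
        if os.path.isfile(path):
            on_disk[entry.upper()] = path
    return {name: on_disk.get(name) for name in NAMES}

def same_bytes(path_a, path_b):
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        return a.read() == b.read()

def remaining_steps(system_dir):
    """List the steps of the quoted procedure that still apply to this directory."""
    found = find_artifacts(system_dir)
    steps = [f"DEL {n}" for n in ("SKA.EXE", "SKA.DLL") if found[n]]
    backup, live = found["WSOCK32.SKA"], found["WSOCK32.DLL"]
    if backup:
        if live is None or not same_bytes(backup, live):
            # Live DLL differs from the backup the worm made: restore it.
            steps.append("COPY WSOCK32.SKA WSOCK32.DLL")
        else:
            # Restore already done; the backup may stay or go.
            steps.append("DEL WSOCK32.SKA (optional)")
    if found["LISTE.SKA"]:
        steps.append("Warn the people in LISTE.SKA, then delete it")
    return steps

def build_sample_dir(files):
    """Constructed sample data: write {name: bytes} into a fresh temp directory."""
    d = tempfile.mkdtemp()
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

if __name__ == "__main__":
    # With no argument, run against a constructed sample directory.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir(
        {"ska.exe": b"x", "Ska.dll": b"x", "wsock32.ska": b"original",
         "wsock32.dll": b"modified", "liste.ska": b"x"})
    for step in remaining_steps(target) or ["No remaining steps for this directory"]:
        print(step)
```

An empty result means only that none of the named files were found in that directory; as the procedure says, that can also mean it is the wrong directory.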