>Neznam da li ce kome to sto znaciti ali u Outboxu Agenta nisam nasao
>da je taj Happy.exe zabiljezen na bilo koji nacin. Ili je neka solidna
>greska u programu, ili zbilja postoji virus koji je napravio posao, a
>to cu valjda uskoro primjetiti. Ni s boot disketom Mcafeea nisam nasao
>nista, virus definition file je updatean prije 16 dana. A zbilja
>neznam koji virus brise postove koji se salju na usenet.
>Inace evo ih opet, pa makar se nekima ne svidjali.
>Privremeno koristim zenin mail dok se nesto ne rijesi i dok me
>moderator ne rehabilitira.

Daj odi na hr.org.hinet i procitaj kaj se tamo desavalo zadnjih par
tjedana, downloadaj si normalni antivirusni program i skini si to s
kante, a prije toga nemoj ni slucajno nikome nista slati, jer virus
ima 32-bitni winsock s kojim sam sebe salje repetiranjem svih mail i
news eventa:

--------
-----Original Message-----
From: Simon Tottingham [mailto:Simon@topcall.co.uk]
Sent: 05 February 1999 10:23
To: all@topcall.co.uk
Subject: Trojan warning


Happy99, ska trojan virus.
Information about the happy99, ska Trojan:
Happy99 is a Win32 based Trojan program. When this program is executed
it will display some fireworks. Apart from the fireworks display this
program will do some other activity in the background without the
user's
permission. In the background this program will create two files
SKA.EXE
and SKA.DLL. It will alter WSOCK32.DLL to put its code into that file
and keep the original file as WSOCK32.SKA. It can not modify the
WSOCK32.DLL file if it is in use. In such a case this program will add
an entry to the Windows Registry to run SKA.EXE the next time the
computer is booted so that it can do these modifications. The size of
this trojan file is 10000 bytes.
You will not get infected by Happy99 merely by downloading the trojan
file. You will have to execute it to get infected.
The modified WSOCK32.DLL has routines to detect the email and
newsgroup
postings made by the user. It will send a copy of the SKA.EXE file
renamed as happy99.exe to every user or newsgroup to whom the user has
sends an email. Each recipient will get the email only once and the
trojan will not send repeat email to the same user. It will send a
separate email retaining the subject of the first email with the file
as
an attachment. The trojan also maintains the file LISTE.SKA which
contains the list of all email addresses and newsgroups to which this
file has been sent. The unique function of this trojan is that it can
spread on its own.
Happy99 first apeared in January 1999 and it is reported to have
affected a lot of users.
Other names of happy99:
This trojan is also known as win32.ska.a, ska, wsock32.ska and
ska.exe.
What is happy99? Troran, Virus or Worm?
This program can only be classified as a Trojan. It is not a virus as
it
does not replicate itself. It does not attach itself any other file or
program. It is also not a worm as even though it can spread on its
own,
it needs to be executed to get control. A worm is capable of spreading
and infecting the target computer on its own. Happy99/Ska is a trojan
with the capability to distribute itself.
Removing happy99 from your computer:
You can remove this trojan from your computer by using Protector Plus
antivirus software. Click here to download a 30 day Evaluation Copy of
Protector Plus for your operating system.
You can also remove this trojan manually from your computer. To do
that,
first check the WINDOWS\SYTEM folder for the presence of these files.
1. SKA.EXE
2. SKA.DLL
3. WSOCK32.SKA

If you find these files then you have been attacked by the Happy99
Trojan. To remove this trojan do the following:
1. Delete SKA.EXE, SKA.DLL and WSOCK32.DLL
2. Rename WSOCK32.SKA as WSOCK32.DLL
Make sure that you have WSOCK32.SKA file before deleting WSOCK32.DLL
and
ensure that you have renamed this file properly. You may have to close
your Browser, Email software, etc. to delete and rename the DLL files.
You will have to use an antivirus software capable of detecting this
trojan to ensure that you do not have this file anywhere in your hard
disk. You can use Protector Plus for that purpose.
About Protector Plus Antivirus Software Packages:
Proland Software is the developer of Protector Plus range of antivirus
software packages. Protector Plus is available for Windows 95/98,
Windows NT server, Windows NT workstation, Windows 3.x, DOS and
NetWare
servers.
Protector Plus range of antivirus products offer on-line virus
detection
and removal. All the packages have the ability to detect and isolate
all
types of viruses and trojans. Protector Plus antivirus software can
detect and remove Happy99 trojan reliably.
You can download the FREE Evaluation Copy of Protector Plus antivirus
software for any platform.
You can also purchase these antivirus software packages on-line.
These products are updated on a continuous basis and the latest
upgrades
for all the platforms are made available for downloading from this
site.

-----
Web(Yoga-Vedanta) : http://www.iskon.hr/~dturina/