Help - Why Am I Sending 2 Messages Each Time?

Description of your first forum.

Help - Why Am I Sending 2 Messages Each Time?

Post by Benjamin Smit » Thu, 18 Feb 1999 04:00:00


So, this explains why I got one and the sender did not realize what was
going on.

Does it affect Macs?

Ben S.

 
 
 

Help - Why Am I Sending 2 Messages Each Time?

Post by Charle » Thu, 18 Feb 1999 04:00:00



Quote:>So, this explains why I got one and the sender did not realize what was
>going on.

>Does it affect Macs?

>Ben S.

No.
 
 
 

Help - Why Am I Sending 2 Messages Each Time?

Post by Tom & Lind » Fri, 19 Feb 1999 04:00:00


Help.

Somehow, I'm sending 2 messages each time, even though I only try to
send one.  And some files are coming out as gibberish.

It's some kind of 1999 Fireworks file which goes with the second
message.

Is it a virus of some kind?

Any quick thoughts before I call AT&T Worldnet?

--Tom

 
 
 

Help - Why Am I Sending 2 Messages Each Time?

Post by portne » Fri, 19 Feb 1999 04:00:00


Yes.  And this is important.  You have a "worm" type of "virus".

I am posting this and e-mailing you.

Below, in brackets, is a portion of an article from a respected
internet professional: Fred Lagna (spelling?):

[Worm Alert!

I get a lot of email--- at last count, over 600 per day.
Last week, along with the various email contents, four
people sent me attachments that contained the "Happy99"
worm.

A worm is like a virus in that it hitches a ride with
something legitimate---a file or program, usually. In this
case, the worm rides along in a file called HAPPY99.EXE. If
you run the program, it opens a window entitled "Happy New
Year 1999 !!" and shows fireworks. This is a ruse to
disguise the worm's other actions.

According to the folks at the Symantec Anti-Virus Research
Center:

  "The program copies itself as SKA.EXE and
  extracts a DLL that it carries as SKA.DLL into
  WINDOWS\SYSTEM directory. It also modifies WSOCK32.DLL
  in WINDOWS\SYSTEM directory and copies the original
  WSOCK32.DLL into WSOCK32.SKA.
  "WSOCK32.DLL handles internet-connectivity in
  Windows 95 and 98. The modification to WSOCK32.DLL
  allows the worm routine to be triggered when a connect
  or send activity is detected. When such online activity
  occurs, the modified code loads the worm's SKA.DLL.
  This SKA.DLL creates a new email or a new article with
  UUENCODED HAPPY99.EXE inserted into the email or
  article. It then sends this email or posts this
  article.

  "If WSOCK32.DLL is in use when the worm tries to
  modify it (i.e. a user is online), the worm adds a
  registry entry:

"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce=SKA.EXE

  "The registry entry loads the worm the next time
  Windows start."

So, the worm automatically replicates itself from machine to
machine. It doesn't damage any data or corrupt your files,
but it does spread itself around--- and some of you are
spreading it to me and others. (Accidentally, I'm sure.) 8-)

A good anti-virus app will find copies of Happy99.EXE and
flag them for you. Symantec also says you can clean things
up manually:

  1.   delete WINDOWS\SYSTEM\SKA.EXE
  2.   delete WINDOWS\SYSTEM\SKA.DLL
  3.   replace WINDOWS\SYSTEM\WSOCK32.DLL with
       WINDOWS\SYSTEM\WSOCK32.SKA
  4.   delete the downloaded file, usually named
       HAPPY99.EXE

Check your system!]

-=Stu=-
To e-mail a reply to this post, please use the link below.
Visit my non-commercial website: All About Wheelchairs at:
http://www.seflin.org/wheels



Quote:> Help.

> Somehow, I'm sending 2 messages each time, even though I only try to
> send one.  And some files are coming out as gibberish.

> It's some kind of 1999 Fireworks file which goes with the second
> message.

> Is it a virus of some kind?

> Any quick thoughts before I call AT&T Worldnet?

> --Tom

--
Posted via Talkway - http://www.talkway.com
Surf Usenet at home, on the road, and by email -- always at Talkway.