
BEWARE OF HAPPY99 WORM

The Happy99 worm is a Win32-based e-mail and newsgroup worm. It displays fireworks the first time it is executed as Happy99.exe. (Normally this file arrives as an e-mail attachment to a particular PC, or it is downloaded from a newsgroup.) When executed for the first time, it creates SKA.EXE and SKA.DLL in the system directory. It also modifies WSOCK32.DLL to infect the system.

This worm also maintains a list of the addresses to which it has posted a copy of itself. This list is stored in a file called LISTE.SKA. (The number of entries in this file is limited.) The worm contains the following encrypted text, which is not displayed:

Is it a virus, a worm, a trojan?
MOUT-MOUT Hybrid (c) Spanska 1999.

The mail header of the manipulated mails will contain a new field called "X-Spanska: YES". Normally this header field is not visible to receivers of the message. Since the worm does not check WSOCK32.DLL's attribute, it cannot patch the file if it is set to read-only. Please note that after disinfection of this worm you will have to rename WSOCK32.SKA back to WSOCK32.DLL in the \WINDOWS\SYSTEM folder to restore all original WinSock capabilities.

How can I protect my system?

Fire has incorporated I-Worm/Happy into its virus signature file, with the aim of helping users affected by this worm attack to detect and eliminate it from their systems. Fire anti-virus users can update this signature file by using the online update facility.

How can I find out whether my system is infected?

You can check the system manually. This worm creates "SKA.exe" in the Windows system folder. The presence of "SKA.exe" means that you are infected with this worm. A free download [18KB] is available to detect and clean this worm.
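
The manual check described above, extended to the other artifacts this advisory names (SKA.DLL, LISTE.SKA, WSOCK32.SKA and the X-Spanska header field), as an added example that is not part of the original advisory or of the Fire product. The function names and the sample folder and message are constructed for illustration; treating WSOCK32.SKA as the saved original library is an assumption drawn from the rename instruction above.

```python
import email
import os
import tempfile

# File names taken from the advisory; compared case-insensitively.
WORM_FILES = {"ska.exe", "ska.dll", "liste.ska"}
BACKUP = "wsock32.ska"  # assumed to be the saved original (see rename step)

def check_system_dir(system_dir):
    """Return findings for one system folder, e.g. C:\\WINDOWS\\SYSTEM."""
    names = {n.lower() for n in os.listdir(system_dir)}
    findings = ["worm file present: " + n for n in sorted(WORM_FILES & names)]
    if BACKUP in names:
        findings.append("wsock32.ska present: rename back to WSOCK32.DLL "
                        "after disinfection")
    return findings

def has_spanska_header(raw_message):
    """True if a raw mail or news message carries 'X-Spanska: YES'."""
    msg = email.message_from_string(raw_message)
    values = msg.get_all("X-Spanska", [])
    return any(v.strip().upper() == "YES" for v in values)

def demo():
    """Run both checks on constructed sample data (not real captures)."""
    sample_mail = ("From: a@example.com\nTo: b@example.com\n"
                   "X-Spanska: YES\nSubject: hello\n\nbody\n")
    with tempfile.TemporaryDirectory() as d:
        for name in ("SKA.EXE", "SKA.DLL", "WSOCK32.SKA", "WSOCK32.DLL"):
            open(os.path.join(d, name), "wb").close()
        return check_system_dir(d), has_spanska_header(sample_mail)

if __name__ == "__main__":
    findings, flagged = demo()
    for line in findings:
        print(line)
    print("X-Spanska header found:", flagged)
```

Because the header field is normally hidden by mail clients, has_spanska_header has to be given the raw message source, not the rendered body.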

To find other viruses, use our FireLite version. A free download of the FireLite [1100KB] version is available to detect all viruses. If you find any virus, use the registered Windows version of Fire to remove it. To get the registered version of Fire, call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr. Stanley Rakesh, Prognet Technologies Pvt. Ltd, Dec. 2000]
