On Tue, 22 Jun 1999, R. John Lye wrote:
> Hi Russ and Bob,
Hi,
> If the attachment came through undecoded and I didn't see
> the "little fireworks display" - does that mean that the *.exe
> file did not run and my PC is still OK?
It _should_ mean your PC is okay. The damage occurs when the .exe file is
run. If you look at the URL that I posted in my last message, it explains
what files get created and which ones get modified... you could look
briefly at those files to see if they exist or were modified. Look for
wsock32.ska, ska.exe and/or ska.dll (use the "find files or folders"
option from the start menu to search for them). If you don't have those,
find the attachement associated with that message... if you're using
Eudora, for example there's a folder in the Eudora "file tree" called
"Attachements", and in this case there's probably a "happy.exe" in there.
Just get rid of it by deleteing it (or tossing it in the trash). And
don't forget to open the trash. If you don't use Eudora, then look in
your mailer's directory tree for "attachements" and then try to figure
out where the file happy.exe is living... you can also use the "find
file" thing to look for happy99.exe, but according to the CERT web site,
there are other variant names of the file (although this one is almost
certainly called happy99.exe).
Note: the file by itself doesn't do anything - but if you run it
(happy.exe or one of the variant .exe programs), then your machine will
be infected and messages that you subsequently send to others will have
this virus attached.
> thanks,
>
> John Lye
> rjl6n@Virginia.edu
Hope this helps.
rml
-------------------------------------------------------------------------------
Bob Lang Room N42-140Q | This space for rent.
Consultant MIT Computer Services |
Voice: (617)253-7438 FAX: (617)258-9535 |
-------------------------------------------------------------------------------
|