Doc Smiley's Cure
for the Happy99 Virus:

Antivirus for the Beginner

(last updated on June 25, 2000 - 4:00 PM Eastern)


What is it?

How does it work?

What problems can it cause?

How do I know that I have it for sure?

How do I get rid of it?


It came in your email.  It was called Happy99 and it was sent by a friend.  Or maybe you downloaded it off of a newsgroup.  So you ran the program and saw the neat fireworks display.  Cool!  Little did you know that your computer had just been infected by the Happy99.exe virus.

What is it?

The Happy99 virus is considered a worm or a trojan by many, but let's leave the semantics aside for now.  Basically, it is a fireworks animation program that spreads itself by attaching to newsgroup and e-mail messages. 

How does it work?

It works by creating some files and modifying another file: wsock32.dll.  Windows uses wsock32.dll for Internet programs such as browsers, instant messenger programs, email programs, etc.  In order to modify wsock32.dll, Happy99 works in two stages.
  • First, it copies the original wsock32.dll into a new file (wsock32.ska).
  • Then, the next time you restart your computer, it replaces the original wsock32.dll with a corrupted version.
The new version tells Windows to send out Happy99.exe the first time you send an email to any Internet address.  It only sends it to a given address once.  The email is empty except for an attachment containing the virus.  The person who receives the virus from you will not get infected merely by receiving the Happy99.exe file. 

The only way to get infected is to open the attachment and run the program.  Unfortunately, some people have set their email readers to automatically open any attachments.  They get infected merely by clicking on the email title.

What problems can it cause?

The Happy99 virus is fairly benign as these things go.  It will not destroy your hard drive, send your password list to Outer Mongolia, or give you gum disease.  What it will do is use up bandwidth, cause server administrators headaches, and give you a reputation for being either careless or malicious. 

How do I know that I have it for sure?

It only works on Windows 95 and 98, and only goes through the first stage on Windows NT, so if you have another operating system, "don't worry, be happy!" (sorry - couldn't resist).   If you do have one of these systems on your computer, you can determine whether or not you really have the virus by following these steps:
  • Click on your "Start" button in the lower left corner of your screen;

  • Select "Find" then "Files or Folders" from the menu;

  • In the "Named" box, type:
    *.ska ska.*

  • Press the "Enter" key.
If you find ska.dll, wsock32.ska, or ska.exe, you have the virus.
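
The same check can be run over a copy of the Windows folder or a mounted disk image. The Python script below is an added example, not part of the original page. The stage names, the build_sample helper and the byte-comparison test are assumptions based on the page's statement that wsock32.ska is a copy of the original wsock32.dll.

```python
import filecmp
import os
import tempfile

# Names from the page: the three infection markers, the sent-to list, the dropper.
MARKERS = {"ska.dll", "ska.exe", "wsock32.ska"}
RELATED = {"liste.ska", "happy99.exe"}

def find_files(root):
    """Return {lowercased name: [paths]} for every Happy99-related file under root."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            key = name.lower()  # Windows 9x file names are case-insensitive
            if key in MARKERS or key in RELATED:
                hits.setdefault(key, []).append(os.path.join(folder, name))
    return hits

def sibling(path, wanted):
    """Find `wanted` (lowercase) in the same folder as `path`, ignoring case."""
    folder = os.path.dirname(path)
    for name in os.listdir(folder):
        if name.lower() == wanted:
            return os.path.join(folder, name)
    return None

def triage(root):
    """Classify the tree as clean, dropper_only, stage1 or stage2 (assumed labels)."""
    hits = find_files(root)
    if MARKERS.isdisjoint(hits):
        return ("dropper_only" if "happy99.exe" in hits else "clean"), hits
    for backup in hits.get("wsock32.ska", []):
        dll = sibling(backup, "wsock32.dll")
        # wsock32.ska is a copy of the original DLL, so a byte difference
        # means wsock32.dll has been replaced since the backup was taken.
        if dll and not filecmp.cmp(backup, dll, shallow=False):
            return "stage2", hits
    return "stage1", hits

def build_sample(root, files):
    """Create a constructed WINDOWS/SYSTEM tree; `files` maps name -> bytes."""
    system = os.path.join(root, "WINDOWS", "SYSTEM")
    os.makedirs(system)
    for name, data in files.items():
        with open(os.path.join(system, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    demo = build_sample(tempfile.mkdtemp(), {"WSOCK32.DLL": b"patched",
                        "WSOCK32.SKA": b"original", "SKA.EXE": b"x"})
    print(triage(demo)[0])
```

A "stage2" result is a heuristic: any later change to wsock32.dll would also make it differ from the backup, so confirm with an antivirus scan.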

How do I get rid of it?

Just print out this page and follow the instructions. I have tried to make them as simple as possible so that even if you are a computer novice, you can safely clean your system of the virus.  Not all of these steps are necessary for everyone.  But I have written these steps so that they will work for almost everyone.  Occasionally someone has a problem, but almost always, that is because of a spelling error or because the procedure was not followed exactly.  So, please follow these steps carefully and in order.  Some of the steps are optional and are so indicated.

**** WARNING *****

Failure to follow instructions EXACTLY may cause problems in accessing the internet or email from your computer!  I make or imply no guarantees.  If you choose to use the information here, it is of your own free will.  You are solely responsible for the care of your computer.  If you do not feel comfortable with your level of knowledge, or your ability to accurately follow these procedures, contact a local computer technician.  Most problems are a result of not following the directions in order or by misspelling commands.  If you are careful, however, you should have no problems.


1)  If you have not already done so since 
     running the Happy99 program, restart 
     your computer.  This step is important 
     because the virus does not complete 
     the infection process until you restart
     the computer.  By following this step before
     deleting any files, you are less likely to
     encounter any error messages in the 
     removal procedure.

2)  If you have not already done so, delete the 
     Happy99 program from wherever you saved it.
     If you aren't sure where it is, go to your start
     button and use "find" then "files" on the 
     menu.  Search for Happy99.exe.  Once you
     find it, delete it.

3)  Make SURE all internet related programs 
     are turned off (this includes instant messaging
     services such as ICQ and AOL Instant 
     Messenger), then restart your computer
     in MS-DOS mode (Click on the Start button,
     select "shut down", then select "restart the
     computer in MS-DOS mode").

4)  Once it has restarted, you should see
     C:\WINDOWS> on the screen.

5)  Type in CD SYSTEM and press "enter". 
     You should see C:\WINDOWS\SYSTEM>
     on the screen.  If that doesn't get you 
     there, try CD C:\WINDOWS\SYSTEM or 
     CD WINDOWS\SYSTEM then press "enter".

6)  Type in ATTRIB -H WSOCK32.DLL and press
     "enter".

7)  Type in ATTRIB -R WSOCK32.DLL and press
     "enter".

8)  Type in COPY WSOCK32.SKA WSOCK32.DLL
     and press "enter". 

9)  If asked if you want to overwrite
     wsock32.dll, type "y" for yes, then
     "enter" and go to step 10. 

*** If you get a message indicating FILE NOT 
*** FOUND, complete steps 10, 11, and 13.  Then, 
*** return to Windows, click here and 
*** save the program wsockupd.exe someplace
*** where you can find it.  Lastly, run the 
*** program.  Do not do this if step 9 works.

10) Type DEL SKA.DLL, press "enter".  If you 
      get a message saying "file not found", 
      or "cannot delete", type ATTRIB -H SKA.DLL
      then press "enter", then type ATTRIB -R SKA.DLL,
      then press "enter", then type DEL SKA.DLL,
      then "enter".

11) Type DEL SKA.EXE, press "enter".  If you 
      get a message saying "file not found", 
      or "cannot delete", type ATTRIB -H SKA.EXE
      then press "enter", then type ATTRIB -R SKA.EXE,
      then press "enter", then type DEL SKA.EXE,
      then "enter".

12)  *OPTIONAL* If you have followed 
       all of the steps correctly, you may 
       type DEL WSOCK32.SKA and press "enter".

13)  Type in EXIT and press "enter".

Once you have returned to Windows, you might want to find the file "liste.ska" using the "find files" function on the start button.  If you have not actually sent the virus to anyone, you won't find this file.  You can open this file by double-clicking and selecting "notepad" when asked which program to use to open it.  Inside of the file is a list of people to whom you have emailed the virus.  You should contact them and let them know about the virus.  You might want to tell them about this website so that they can get rid of it.  After this, you can delete the file.

That should take care of the Happy99 virus.  HOWEVER - unless you are running antivirus software with an updated data or definition file, you could easily catch this virus again or another one.  If you already have the software, you should update your data or definition files at least monthly.  If you do not have antivirus software, you can follow one of the links on this page to obtain more information about several programs available from Beyond.com. 

If you purchase one of these programs through these links, I will earn a small commission.  So if you decide to purchase at a later time, I would appreciate your using these links to do so.  But even if you don't use these programs, just be sure that you use SOME program.  Surfing the internet without antivirus software is like having sex without protection.  The next virus you catch might be deadly to your computer.
 

If you have any problems, feel free to email me (and don't forget the free software!).  Before emailing me, though, be sure you have followed all of the steps, spelling everything carefully.

Doc
