| Port No | 25 |
| Service Name | Happy99 |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This worm propagates in networks via email and newsgroup postings. It does not destroy or infect any file, but replicates on networks. It sends email messages and newsgroup postings with a copy of itself as the attachment, Happy99.exe (Year 1999 version) or Happy00.exe (Year 2000 version). |
| Reference Link | happy99 |
| Attack | Solution: MANUAL REMOVAL INSTRUCTIONS Scan your system with Trend Micro antivirus and delete all files detected as WORM_SKA.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users may use HouseCall, Trend Micro's free online virus scanner. Click Start>Search>Files or folders. Look for and then delete these files: WORM_SKA.A WORM_SKA.DLL HAPPY99.EXE HAPPY00.EXE Look for these files and modify their attributes from READ ONLY to ARCHIVE. To achieve this, run ATTRIB.EXE: WSOCK32.SKA WSOCK32.DLL Delete WSOCK32.DLL and rename WSOCK32.SKA as WSOCK32.DLL. If WSOCK32.DLL cannot be deleted because it is being used by other programs, restart the computer in DOS mode and then delete WSOCK32.DLL there with this command: del c:\Windows\System WSOCK32.DLL Type, REGEDIT, then hit the Enter key. In the left panel, double click the following: HKEY_CURRENT_USER>Software>Microsoft>Windows In the right panel, look for and then delete this entry: SKA.EXE |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.