WORKING OF A VIRUS
Brief On How A Virus Works In A System
A virus is a program or piece of code that is loaded onto your computer
without your knowledge and runs against your wishes. Most viruses can
also replicate themselves. All computer viruses are manmade. A simple
virus that can make a copy of itself over and over again is relatively
easy to produce. Even such a simple virus is dangerous because it will
quickly use all available memory and bring the system to a halt. An even
more dangerous type of virus is one capable of transmitting itself
across networks and bypassing security systems.

Since 1987, when a virus infected ARPANET, a large network used by the
Defense Department and many universities, many antivirus programs have
become available. These programs periodically check your computer system
for the best-known types of viruses.

Some people distinguish between general viruses and worms. A worm is a
special type of virus that can replicate itself and use memory, but
cannot attach itself to other programs.
_________________________________________________________________________
Happy99.exe Explained
_________________________________________________________________________
Have you gotten a mail from someone with a file "happy99.exe" as an
attachment? And did you run it to see a wonderful display of colorful
fireworks? Well then, your system is infected by the Happy99 worm, and
you are unknowingly passing the infection on to everyone you send an
email to.
How do I know that my system is infected?
When Happy99 first hit the Internet, not many virus scanners could
detect it and one had to remove the worm manually from the system. Now
the scene has changed: almost a year after the worm first hit the net,
almost all scanners detect its presence and remove it immediately.
But we are hackers, we do not need any antivirus to remove a worm, we
will remove it manually.
Happy99.exe the working:
When you get an email with happy99.exe attached, your system will NOT
get infected just by reading the mail; you have to run the exe file to
infect your system. When you run the attachment you are shown a
colourful display of fireworks on the screen. While you are enjoying the
fireworks display, the worm in the background replaces your wsock32.dll
file with one of its own. As a result, whenever you send someone an
email the worm is sent to the recipients as an attachment.
Am I infected?
Go to MS-DOS and type:
c:\windows>cd system
c:\windows\system>dir ska*
If you see ska.exe and ska.dll listed then you can be sure that you are
infected. You can also type the following:
c:\windows>dir wsock*
If you are infected then it will list wsock32.dll and wsock32.ska.
OK, I am infected. How do I clean my system?
To remove the worm, restart in MS-DOS mode. Then go to the
windows\system directory by typing:
c:\windows>cd system
Then delete ska.exe and ska.dll by typing:
c:\windows\system>del ska*
Then delete wsock32.dll by typing:
c:\windows\system>del wsock32.dll
Then rename your original wsock32.dll, which was renamed by the worm to
wsock32.ska, back to wsock32.dll. To do so, type the following at the
DOS prompt:
c:\windows\system>ren wsock32.ska wsock32.dll
****************************
Now let's say your machine was infected 10 days ago and since then you
have sent mails to many of your friends. As your system was infected,
the Happy99.exe worm was also sent to them. To view a list of people to
whom you mailed the worm, view the liste.ska file in the windows\system
directory by typing:
c:\windows\system>type liste.ska
This will show a list of email addresses to whom the virus was mailed.
****************************
OK, back to disinfecting your system. Delete the liste.ska file too by
typing:
c:\windows\system>del liste.ska
Now reboot the system to a clean machine. Next time you get an email
with the attachment Happy99.exe, delete it immediately. Note that it is
very easy to rename the worm from happy99.exe to quake.exe, so the
attachment may arrive under another name. Basically, just remember the
following things:
1. Your system will not be infected just by viewing an email.
2. Only files with extensions .exe, .com, .bat and even .dll can infect
your system. (.doc files may contain macro viruses.)
3. So always scan all attachments before opening them, even if you trust
the person who sent them to you.
If you have never received such an attachment I have attached the
Happy99.exe worm. So you can open it and see it at work. I have also
attached software which will remove the Happy99.exe and disinfect your
system. First try and remove it manually like I have described above,
then remove it with the software.
***************
Techie Tip: If your machine is infected then all emails that you send
will have an extra header.
Something like this
X-Spansa:Yes
will show up in the headers. To find out how to view the headers in your
mail client, browse the client's help.
***************
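The checks described above, as an added Python example (not part of the original text and not the removal software the author mentions): it looks in a given directory for the ska.exe, ska.dll, wsock32.ska and liste.ska files, and inspects a raw mail message for the X-Spansa header and for attachments with the extensions listed in point 2. The function names and the sample message are constructed for illustration; the header name is used exactly as the tip gives it.

```python
import email
import os
from email import policy

# File names taken from the detection and removal steps on this page.
INDICATOR_FILES = {"ska.exe", "ska.dll", "wsock32.ska", "liste.ska"}
# Extensions the page lists as able to infect a system.
RISKY_EXTENSIONS = (".exe", ".com", ".bat", ".dll")
# Header name exactly as written in the tip on this page.
WORM_HEADER = "X-Spansa"


def find_indicators(system_dir):
    """Return indicator files present in system_dir, matched case-insensitively."""
    return sorted(n for n in os.listdir(system_dir) if n.lower() in INDICATOR_FILES)


def triage_message(raw_bytes):
    """Report the worm header and any attachment with a risky extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    risky = []
    for part in msg.walk():
        name = part.get_filename()
        # Match the extension, not the name: the file may have been renamed.
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            risky.append(name)
    return {"worm_header": msg[WORM_HEADER] is not None, "risky_attachments": risky}


# Constructed sample message, not a real capture; the attachment body is a dummy string.
SAMPLE = (
    b"From: alice@example.com\r\nX-Spansa: Yes\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="quake.exe"\r\n\r\ndummy\r\n'
    b"--b1--\r\n"
)

if __name__ == "__main__":
    print(triage_message(SAMPLE))
```

Because the attachment is matched on its extension, the renamed quake.exe in the sample is still reported.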
Well, bye for now. Till then, Happy Virus Hunting!!!!