 |
 |
Happy99.EXE (aka W32/SKA) - This Worm activates when opening a file named Happy99.EXE that is being distributed on email or through the Internet. This worm sets itself up to activate at the next re-boot. When Happy99.EXE is run, it copies itself to the Windows\System folder under the name SKA.EXE. It then extracts, from within itself., a DLL called SKA.DLL into the Windows\System folder if one does not already exist. This worm also creates the registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Ska.exe ="Ska.exe" - which will execute SKA.EXE the next time the system is restarted. There is no destructive payload at this time with this worm. Do NOT open files or attachments from unknown (and even known sources, sometimes. such was the case here) sources - just delete them.