I got a virus..Now what?



Kookstick
1st November 1999, 23:02
After reformatting my drive recently I decided not to install my McAfee virus scan for a while and so I ran the free virus detection at housecall.antivirus.com and it detected a troj_ska/ska.exe virus, and a ska.dll virus. My wife got it via email from a friend at Microsoft. I've installed my McAfee and it says it can't clean it but I can delete it so I did, does this mean it's gone or is it inside other programs just waiting? If anyone has any knowledge on this would you please assist me. I'm wondering if it's in my memory, if I need to reformat again or if it's no big deal. Thanks sincerely

------------------
Asus P2b(1010),P3 450,128 mb pc100,Matrox G400 DH,Asus 50x,Iomega zip,Mitsumi CDR,Ibm 10 gb hd,Sb Live,Win 98

Wombat
2nd November 1999, 01:37
You're probably pretty clear if McAfee thinks that it got rid of everything. But do make sure to reboot, to clean out your RAM just in case. Also, you may consider "quarantining" yourself for a little bit. Be careful where your floppies go, and try sending an attachment to someone that you know has a virus scanner running.

-Wombat

Buuri
2nd November 1999, 02:42
Also to make sure, run another virus scanner on your system. You can get a very good one, F-Secure Anti-Virus, from Data Fellows (http://www.datafellows.fi). The DOS version is free, while Win versions are available as evaluation copies.

_
B

[This message has been edited by Buuri (edited 02 November 1999).]

Jorden
2nd November 1999, 06:23
ska.exe and ska.dll ... errr isn't that Melissa?? Look on the internet how to remove the Melissa virus (and btw, don't email for the moment !!!)

Jorden.

Guyver
2nd November 1999, 07:44
ska.exe and ska.dll are a pair of files that came with the Happy99 Virus. The ska.dll replaced the winsock32.dll with itself, and the ska.exe was the executable which said "Happy New Year 99!" with lots of fireworks..

The virus (worm) would then attach itself to any outgoing e-mails over the SMTP port. If you used Exchange or Web-based e-mail, no problems. Otherwise everyone you sent an e-mail to got 2 copies. One the original, one with the Happy99.exe attachment, which when run, re-propagated itself...

By deleting the SKA.EXE and SKA.DLL (and the infected winsock.dll (or WSOCK32.dll)) then renaming the winsock.old or bak to the original, and rebooting, the virus is gone.

It's not a baddy, and it's not the Melissa Virus....

Here's a link for more info - Just in case anyone doubts my info...

http://www.symantec.com/avcenter/venc/data/happy99.worm.html

Guyver
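The removal steps in the post above (delete the ska files, then put the original winsock DLL back) can be checked on a mounted copy of such a disk. This is an added example, not part of the thread: the file names come from the posts, while the `.old`/`.bak` backup extensions and the function names `triage` and `verdict` are assumptions made for illustration.

```python
import os

# Names taken from the thread; FAT file names are case-insensitive.
WORM_FILES = {"ska.exe", "ska.dll", "happy99.exe"}
WINSOCK_STEMS = {"wsock32", "winsock"}
BACKUP_EXTS = {".old", ".bak"}  # assumption: from "winsock.old or bak"


def triage(root):
    """Walk a mounted copy of the disk and sort findings into three lists."""
    report = {"worm_files": [], "winsock": [], "backups": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            stem, ext = os.path.splitext(lower)
            path = os.path.join(dirpath, name)
            if lower in WORM_FILES:
                report["worm_files"].append(path)
            elif stem in WINSOCK_STEMS and ext == ".dll":
                report["winsock"].append(path)
            elif stem in WINSOCK_STEMS and ext in BACKUP_EXTS:
                report["backups"].append(path)
    for paths in report.values():
        paths.sort()
    return report


def verdict(report):
    """Map findings to the state described in the removal steps."""
    if report["worm_files"]:
        return "infected"
    if report["backups"]:
        # ska.* deleted but the backup was never renamed back, so the
        # modified winsock DLL may still be the one in use.
        return "winsock not restored"
    return "no leftovers found"


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind}: {p}")
    print("verdict:", verdict(result))
```

The middle verdict covers the case raised in the first post: deleting only the ska files leaves the winsock replacement step undone.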

Jorden
2nd November 1999, 09:13
Okay Guyv, thx... it was that Happy thing yeah...

Jord.

Kookstick
2nd November 1999, 20:02
Thanks everyone. Last night after I wrote this post I had installed McAfee and it got rid of all but one part of the virus that completely screwed things up. I got an illegal operation that would not go away as many times as you clicked on it and I could not access any other part of my system, needless to say I FDISK'd and spent all but 3 hours of last night reinstalling all my settings, games, programs (good thing I wrote everything down in a notebook), it made it pretty easy. Until now I have never had my McAfee EVER detect anything and was wondering if it even worked. Thanks again to everyone. Cheers. BTW, is it possible that my USR 56K V.90 ISA modem is now connecting at 57600 with drivers off the W98 CD when before it was at 46K?
------------------
Asus P2b(1010),P3 450,128 mb pc100,Matrox G400 DH,Asus 50x,Iomega zip,Mitsumi CDR,Ibm 10 gb hd,Sb Live,Win 98


[This message has been edited by Kookstick (edited 03 November 1999).]

Guyver
2nd November 1999, 20:13
Sorry Jorden, guess I could have worded that a little more politely....

Guyv :(

Guyver
3rd November 1999, 06:18
Whew!! :)

Guyv

Jorden
3rd November 1999, 17:43
Kookstick, that's possible, if you checked that the modem should connect with 57k6 at all times. I have my connection set up as 115k2, and that works (before I flashed to v.90 I got 230k4 !!) :)

Guyv ?? All I asked was whether or not those files were from Melissa or not. You just said no and explained some things.. What would you or I expect?? Rose petals around that reply?? ;)

No offence given or taken... :)

Jorden.

merchant2112
5th November 1999, 06:01
Yep, for a long time I always wondered if all those virus programs ever worked until I put a disk I brought from work home and the McAfee warnings came up when I tried to use the floppy. hehe.

------------------
ok I've gone and done it, again. it's that time of year again. system upgrade time. my new system arrives on nov 10 consisting of amd k7 500 (soon to be 650 at least) a ms6167 mobo, addtonics case with sp power(250), global win fkk sink, 2x128 pc100 sdram, 5xdvd region free, xitel p storm sound card, 3com 10/100 pci nic, 3com v90 external modem, 10gig maxtor 7200 rpm harddrive, matrox dual head g400 vanilla, 19in ctx monitor, ch throttle, ch force fx joystick, thrustmaster e rudder, thmaster super sport wheel, usb logitech mouseman wheel, acs400 speakers, yamaha rear speakers, 3 80mm case fans (one with a custom build duck (as per intel spec(have yet to build that but i have the parts)).

second and third systems as well p2350 at 450 and k6-2 200 (utility system, burner)