[Edu-sig] Virus alert.

[Kirby Urner]

Art --

It's ye old Happy99.exe.  I've seen it -- and inadvertently
spread it -- in times gone by.  I'm sharing this with the 
list in case anyone booted the Happy99.exe attachment and 
watched the little fireworks display.  If you did, you've 
been infected.

Happy99 emails itself in the background, as a separate 
send (not as an attachment to your original) -- so it'll
show up a little later from X, after X has sent you
something.  X often doesn't have a clue this is going
on, until X starts getting replies saying "what's with
that file?" or whatever.  Happy99.exe's job is to forward 
itself to others -- it even keeps a log of whom it has 
mailed itself to.

Happy99.exe does no serious damage to your files or
boot sector.  However, it does conceal itself rather 
cleverly -- just finding Happy99.exe and deleting it
from your drive will *NOT* disinfect your computer, IF,
that is, you've actually booted/run Happy99.exe --
delete it NOW if you haven't run it (delete it anyway,
but you'll need to do more).  If you HAVE run it, go 
here for steps to clear it off:

http://www.pchell.com/internet/happy99.shtml

Kirby

At 11:41 AM 12/16/2000 -0500, Arthur Siegel wrote:
>> Sending out viruses, perchance?
>
>Certainly not with any intention.
>
>But apparently yes.
>
>Simply forwarded Eric's message from JPython list.
>
>Apologize.  Any clues to what happened are appreciated.
>
>Re-iterates again a sense of jinx in my efforts toward EDU-SIG
>involvement.
>
>ART