Happy99

 Virus Information - Happy99:

Happy99 is a Win32 based Trojan program. When this program is executed it will display some fireworks. Apart from the fireworks display this programwill do some other activity in the background without the user's permission.In the background this program will create two files SKA.EXE and SKA.DLL.It will alter WSOCK32.DLL to put its code into that file and keep the originalfile as WSOCK32.SKA. It can not modify the WSOCK32.DLL file if it is inuse. In such a case this program will add an entry to the Windows Registryto run SKA.EXE the next time the computer is booted so that it can do thesemodifications. The size of this trojan file is 10000 bytes.

You will not get infected by Happy99 merely by downloading the trojanfile. You will have to execute it to get infected.

The modified WSOCK32.DLL has routines to detect the email and newsgrouppostings made by the user. It will send a copy of the SKA.EXE file renamedas happy99.exe to every user or newsgroup to whom the user has sends anemail. Each recipient will get the email only once and the trojan willnot send repeat email to the same user. It will send a separate email retainingthe subject of the first email with the file as an attachment. The trojanalso maintains the file LISTE.SKA which contains the list of all emailaddresses and newsgroups to which this file has been sent. The unique functionof this trojan is that it can spread on its own.