Archive for the ‘Antispam’ Category

Aug 19

Happy99.exe, also known as SKA, is better described as a worm than a virus. It arrives as an attachment named Happy99.exe on newsgroup posts and e-mail messages. You cannot get infected just by reading the message; you have to execute the attachment by opening it. Usually the person who sent it does not know they sent it. If you did not execute the attachment, just delete it and move on. If you did, it displays a fireworks animation and patches WSOCK32.DLL so that every e-mail or newsgroup post you send afterwards is followed by a copy of Happy99.exe to the same recipient. When that recipient opens it, the worm spreads again. It carries no destructive payload; the damage is the unwanted mail and the modified system file.




Manual Removal of Happy99.exe

Steps marked optional are not absolutely necessary and are safe to skip. If you are not comfortable with DOS, get someone knowledgeable to help you. I cannot guarantee perfect safety since this is a manual removal; perform these steps at your own risk. If you have Windows NT, you do not have to follow the removal steps: the worm does not work on NT.


1. Click Start, then Shut Down, then "Restart the computer in MS-DOS mode", then click Yes. It is important to exit Windows so that WSOCK32.DLL, which Windows normally keeps in use, can be replaced.


2. At the DOS prompt, type the following exactly and press Enter:

CD \WINDOWS\SYSTEM

(If Windows is installed somewhere other than C:\WINDOWS, use that directory's SYSTEM subdirectory instead.)

3. Delete SKA.EXE and SKA.DLL by typing

DEL SKA.EXE
DEL SKA.DLL

If you get "File not found", you are either not infected or in the wrong directory. Make sure you are in your Windows System directory; check that you followed step 2 exactly.

4. Copy WSOCK32.SKA to WSOCK32.DLL by typing

ATTRIB -R WSOCK32.DLL
COPY WSOCK32.SKA WSOCK32.DLL

Answer “Yes” if it asks if you want to overwrite WSOCK32.DLL.


WSOCK32.SKA is a backup of the original WSOCK32.DLL that the worm made before patching it. You are replacing the modified DLL with the original. If you get a "Sharing violation", Windows still has the DLL open; make sure you followed step 1.


5. (Optional) Delete WSOCK32.SKA by typing

DEL WSOCK32.SKA

You can leave WSOCK32.SKA on your system; it is a copy of your original WSOCK32.DLL. Do not delete WSOCK32.SKA if you were unable to replace WSOCK32.DLL with it.


6. Return to Windows by typing

EXIT

7. (Optional) Delete the Windows Registry key.
Click Start, then Run, type regedit in the text box and click OK. Expand HKEY_LOCAL_MACHINE, then Software, Microsoft, Windows, CurrentVersion. Under RunOnce look for SKA.EXE; if it is there, select it, press Delete and click Yes. Close Regedit. Do not change anything else without backing up the registry first. If you do not find SKA.EXE in the registry, that does not mean you are not infected: SKA.EXE is only added to RunOnce if HAPPY99.EXE was unable to modify WSOCK32.DLL when you ran it (typically because the DLL was in use), and RunOnce entries are removed after they run, so you will only find it if you have not rebooted since running HAPPY99.EXE.


8. (Optional) Open Notepad (Start, Programs, Accessories, Notepad), choose File, then Open, and type C:\WINDOWS\SYSTEM\LISTE.SKA in the File Name box. Warn the people on the list, then delete LISTE.SKA. Make it clear to the people you warn that they are not infected unless they ran happy99.exe, to avoid alarming them unnecessarily. If you have not sent out any infected e-mails, there will be no LISTE.SKA.

9. (Optional) Delete the HAPPY99.EXE file. Its location varies depending on where you saved it. You can delete it by dragging it to the Recycle Bin from within Windows, or whatever method you prefer. You may still have messages with HAPPY99.EXE attached in your mailbox. These cannot do anything unless you run the attachment; delete them or just ignore them.

10. (Optional) If you are not sure whether WSOCK32.DLL is infected, choose Start, then Find, then "Files or Folders". Type WSOCK32.DLL in the "Named" box. In the "Look in" box choose drive C: (or whichever drive Windows is on). In the "Containing text" box type ska.dll (without quotes) and click "Find Now". If nothing is found, WSOCK32.DLL is not the modified version. Without the modified WSOCK32.DLL the worm has no way to attach itself to e-mails, even if SKA.EXE, SKA.DLL and WSOCK32.SKA are still in the Windows System folder. However, if SKA.EXE is listed under the RunOnce registry key and you have not deleted SKA.EXE, the worm will try to modify WSOCK32.DLL again the next time you restart the computer.


Make sure you type the instructions exactly, including spaces and punctuation. You might want to print out the removal instructions so you have something to refer to while in DOS. If you are having trouble with the DOS commands, get a local person to help you with them. It is hard to know exactly how you are typing the commands and what your exact situation is without seeing it in person.
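The indicator checks from steps 3, 8 and 10 above, collected into one read-only triage script. This is an added example, not part of the original removal instructions: it assumes you can read the Windows System directory from another machine (for example a mounted copy of the drive), it creates constructed placeholder files rather than real worm samples to demonstrate itself, and it reuses only the file names and the "ska.dll" string check given in the steps above. It reports what it finds and which of the DOS commands above still apply; it never deletes or restores anything itself.

```python
"""Offline triage for the Happy99 / SKA indicators listed in the steps above.

Run it against a copy of the Windows System directory (for example a mounted
drive image). It only reads; it never deletes or restores anything.
"""
import tempfile
from pathlib import Path

DROPPED = ("SKA.EXE", "SKA.DLL")   # dropped by HAPPY99.EXE (step 3)
BACKUP = "WSOCK32.SKA"             # the worm's copy of the clean WSOCK32.DLL (step 4)
TARGET = "WSOCK32.DLL"             # the DLL the worm patches
MAIL_LOG = "LISTE.SKA"             # addresses the worm has already mailed (step 8)
MARKER = b"ska.dll"                # the patched DLL references SKA.DLL (step 10)


def _find(system_dir: Path, name: str):
    """Case-insensitive lookup: FAT is case-insensitive, a Linux mount is not."""
    for entry in system_dir.iterdir():
        if entry.name.upper() == name:
            return entry
    return None


def assess_happy99(system_dir) -> dict:
    """Return which indicators are present, the verdict and the matching DOS commands."""
    system_dir = Path(system_dir)
    present = {n: _find(system_dir, n) is not None for n in DROPPED + (BACKUP, MAIL_LOG)}

    target = _find(system_dir, TARGET)
    patched = target is not None and MARKER in target.read_bytes().lower()

    log = _find(system_dir, MAIL_LOG)
    recipients = []
    if log is not None:
        recipients = [l.strip() for l in log.read_text(errors="replace").splitlines() if l.strip()]

    if patched:
        verdict = "active"      # hook in place: every outgoing mail triggers a copy
    elif any(present[n] for n in DROPPED):
        verdict = "dormant"     # dropper ran but the patch failed or was undone; check RunOnce (step 7)
    else:
        verdict = "clean"

    plan = []
    if verdict != "clean":
        plan += [f"DEL {n}" for n in DROPPED if present[n]]
    if patched and present[BACKUP]:
        plan += ["ATTRIB -R WSOCK32.DLL", "COPY WSOCK32.SKA WSOCK32.DLL"]
    elif patched:
        plan.append("no WSOCK32.SKA backup: restore WSOCK32.DLL from Windows media")
    return {"present": present, "patched": patched, "recipients": recipients,
            "verdict": verdict, "plan": plan}


def build_sample(system_dir) -> None:
    """Constructed sample of an infected System directory (placeholder bytes, not the worm)."""
    system_dir = Path(system_dir)
    clean_dll = b"MZ" + b"\x00" * 16 + b"original wsock32 export table"
    (system_dir / "Wsock32.ska").write_bytes(clean_dll)
    (system_dir / "WSOCK32.DLL").write_bytes(clean_dll + b"\x00LoadLibrary\x00SKA.DLL\x00")
    (system_dir / "ska.exe").write_bytes(b"MZ placeholder")
    (system_dir / "ska.dll").write_bytes(b"MZ placeholder")
    (system_dir / "LISTE.SKA").write_text("alice@example.com\nbob@example.net\n")


def demo() -> tuple:
    """Assess one constructed infected directory and one empty (clean) directory."""
    with tempfile.TemporaryDirectory() as infected, tempfile.TemporaryDirectory() as clean:
        build_sample(infected)
        return assess_happy99(infected), assess_happy99(clean)


if __name__ == "__main__":
    infected, clean = demo()
    print(infected["verdict"], infected["plan"], infected["recipients"])
    print(clean["verdict"])
```

The "dormant" verdict is the case step 10 warns about: SKA.EXE still on disk with an unpatched WSOCK32.DLL means the RunOnce entry from step 7 may re-patch the DLL at the next boot, so the DEL commands still apply.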

Jul 07

Kaspersky® Virus Removal Tool is a free utility designed to remove all types of infections from a computer. It uses the detection engines of Kaspersky Anti-Virus and the AVZ Antiviral Toolkit.

Highlights:
Easy interface.
Can be installed to an infected machine (Safe Mode supported).
Integrated search and removal of malicious software: an effective combination of signature detection and a heuristic analyzer.
System Analysis and interactive scripting language.
Freeware. 

System requirements
Microsoft Windows 2000 Professional (Service Pack 4 or higher)
Microsoft Windows XP Home Edition (Service Pack 2 or higher)
Microsoft Windows XP Professional (Service Pack 2 or higher)
Microsoft Windows Vista Home Basic (32-bit)
Microsoft Windows Vista Home Premium (32-bit)
Microsoft Windows Vista Business (32-bit)
Microsoft Windows Vista Enterprise (32-bit)
Microsoft Windows Vista Ultimate (32-bit)

Download: Kaspersky Virus Removal Tool v7.0.0.290 (2009.01.05)

Homepage: http://www.kaspersky.com/removaltools

Jul 07

To be able to locate all the mveo.exe and jay.exe files (the worm hides them with the hidden and system attributes):
1. Open a Windows Explorer window.
2. Click Tools, then Folder Options.
3. Choose the View tab.
4. Under Hidden files and folders, select Show hidden files and folders.
5. Uncheck Hide extensions for known file types.
6. Uncheck Hide protected operating system files (Recommended).
7. Click Apply, then OK.

Next, stop the running worm processes, since a running file cannot be deleted:
1. Press Ctrl+Alt+Del to open Task Manager.
2. On the Processes tab, select mveo.exe and click End Process. Do the same for jay.exe if it is listed.

To delete all the jay.exe and mveo.exe files, search for them with Search for Files and Folders in the Start menu:
1. Type jay.exe in the search box.
2. Click More advanced options.
3. Check Search hidden files and folders.
4. Click Search.
5. Delete every jay.exe result.
6. Repeat steps 1-5 for mveo.exe.
7. Also delete the autorun.inf file the worm dropped. Check the root of every drive, including removable ones, since that is where an autorun.inf takes effect.

To delete the registry entries:
1. Click Start.
2. Click Run.
3. In the Run box type regedit and press Enter.
4. Press Ctrl+F and search for jay.exe.
5. Delete every entry that refers only to jay.exe.
6. Press F3 to find the next entry, and repeat until the search wraps around. Then repeat the search for mveo.exe.

Note: if an entry's value is a path under C:\WINDOWS\… with jay.exe appended after a legitimate program, edit the value and delete only the jay.exe text at the end of the string rather than the whole entry, or Windows will lose the legitimate program too.

To restore the Internet Explorer window title:
1. Open regedit.
2. Press Ctrl+F.
3. Search for Window Title.
4. If the value found contains jaymyka.wen9.com, change it to Internet Explorer (deleting the value also restores the default).
Note: this value is what the worm changed to alter the title bar of Internet Explorer.

After all of these steps are done, search again for jay.exe and mveo.exe with Search for Files and Folders.

Once all those files are gone, restart your computer and search once more to confirm they have not come back.
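The registry part of the procedure (the "To delete registry entries" and "To edit the IE windows back to its original name" steps) applied to a Regedit export instead of by hand, so the edits can be reviewed before they are imported. This is an added example and not part of the original post. It assumes you export the affected keys from Regedit (File, Export), run the script over the .reg file, review the listed actions, and then import the cleaned file. The sample export below is constructed; the Run, Winlogon Shell and Internet Explorer Main locations in it are standard persistence and title-bar locations and are an assumption about where this particular worm wrote its entries, not taken from an infected machine.

```python
"""Clean a Regedit export (.reg) of jay.exe / mveo.exe persistence entries.

Applies the rules from the post: values that launch only the worm are
deleted (written as "name"=- which is the .reg syntax to remove a value on
import), values that start a legitimate program followed by the worm are
trimmed so only the worm token goes, and the hijacked Internet Explorer
window title is reset.
"""
import re

WORM_EXES = ("jay.exe", "mveo.exe")
HIJACKED_TITLE = "jaymyka.wen9.com"

# A string value line in a .reg file: "name"="value", with \ and " escaped.
_VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(raw: str) -> str:
    return re.sub(r"\\(.)", r"\1", raw)


def _escape(value: str) -> str:
    return value.replace("\\", "\\\\").replace('"', '\\"')


def clean_value_line(line: str, key: str):
    """Return (replacement line, action description or None) for one .reg line."""
    match = _VALUE_RE.match(line)
    if match is None:
        return line, None                        # key header, dword, blank: pass through
    name, value = match.group(1), _unescape(match.group(2))
    where = f"{key}\\{name}"

    if name.lower() == "window title" and HIJACKED_TITLE in value.lower():
        return f'"{name}"="Internet Explorer"', f"{where}: reset window title"

    if not any(w in value.lower() for w in WORM_EXES):
        return line, None

    # Drop only the tokens naming the worm; keep any legitimate command in front
    # (the post's note about editing just the end of the string).
    kept = [t for t in value.split() if not t.lower().endswith(WORM_EXES)]
    if not kept:
        return f'"{name}"=-', f"{where}: deleted (launched only the worm)"
    trimmed = " ".join(kept)
    return f'"{name}"="{_escape(trimmed)}"', f"{where}: trimmed to {trimmed!r}"


def clean_reg_export(text: str):
    """Return (cleaned .reg text, list of actions taken)."""
    out, actions, key = [], [], ""
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                     # remember which key the values belong to
            out.append(line)
            continue
        new_line, action = clean_value_line(line, key)
        out.append(new_line)
        if action:
            actions.append(action)
    return "\n".join(out) + "\n", actions


# Constructed sample export; the locations are assumptions, not data from a real infection.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger"="C:\\Program Files\\Messenger\\msmsgs.exe /background"
"jay"="C:\\WINDOWS\\jay.exe"
"mveo"="C:\\WINDOWS\\system32\\mveo.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe jay.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Window Title"="jaymyka.wen9.com"
'''


if __name__ == "__main__":
    cleaned, actions = clean_reg_export(SAMPLE_EXPORT)
    print("\n".join(actions))
    print(cleaned)
```

The Winlogon Shell value is the case the post's note is about: deleting "Explorer.exe jay.exe" outright would leave Windows without a shell at the next logon, so only the trailing jay.exe token is removed. Importing the cleaned file with Regedit applies the deletions and rewrites in one step, and the unchanged Messenger line shows that unrelated values pass through byte for byte.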

Jul 07


Worms – Viruses And Internet

Computer viruses, worms, Trojan horses, and spyware applications are flooding the world's networks. You're nuts to use a PC without an antivirus tool, but that alone isn't enough. Antivirus programs can't detect a new virus until it is already on the loose, which leaves your system vulnerable for the hours or even days it takes your antivirus vendor to deliver an update. Fortunately, you can help stop the nastiest viruses in their tracks, even before anyone knows about them.

During the past month, the Lab's virus wall has been Blaster-ed, hit by a worm that was SoBig, and visited by old acquaintances with such names as Klez, Bugbear and Sluter. Rumors of more nasties to come continued to circulate.

While each virus or worm appears to pose an individual threat to Lab computers, the real threat is the Internet itself, Computer Protection Program Manager Jim Rothfuss told members of the Computing and Communications Services Advisory Committee (CSAC) at their September meeting.


“The fundamental problem is that the Internet is the threat – the emergency is continuous,” Rothfuss said. “As a result, our protection must be continuous, not just as a response to the crisis of the week.”


As each new worm or virus appears, some of the earlier ones fall off the screen, he said. Such viruses as Code Red, Code Red 2, Nimda, Slammer and others may not be in the news, but they are still out there, scanning for vulnerabilities and attacking whenever the opportunity presents itself.


The recent spread of the SoBig.F worm was the fastest ever, infecting more than a million computers around the world in just a few days. Because of the Lab’s vigilance in maintaining its Virus Wall, only two infections were reported here – out of the 250,000 SoBig.F-infected messages aimed at LBNL.


Once a computer becomes infected, it needs to be taken off the network, have the virus removed, its antivirus software updated and the security patches applied. However, because such worms spread so quickly, if the user reconnects to the network to download the patches, the machine can be reinfected before the patch finishes downloading. To prevent this, the Computer Protection Program has established a procedure called "DHCP Jail," where vulnerable computers are put in solitary confinement (in other words, cut off from the network) until the vulnerability is fixed. The owner may need to call the Help Desk (x4357) and pay for the Mac/PC Support Group to install patches, or have a friend download the patches onto a CD for them.


Such measures are necessary because of the damage an unprotected computer can inflict on other LBNL systems. In the case of the Blaster worm, an infected computer was attached to the Lab network and 76 computers were infected. Subnetworks had to be blocked within the Lab to stop the spread. Cleaning up the cybermess afterward was one of the most costly computer security incidents the Lab has ever had, Rothfuss said.




Security Tips: Keep Viruses, Worms, and Spyware Off Your PC


Patch that system, private! It's time to bust out the old drill-sergeant voice, because anyone who doesn't follow this simple instruction is going to have to drop and give me 50 knuckle push-ups. Okay, everyone repeat after me: "Unpatched systems are the devil's spawn."

Enable Automatic Updates: In Windows XP, right-click My Computer, choose Properties, then the Automatic Updates tab, and make sure that Keep my computer up to date is checked. (See this month's Internet Tips for more on Automatic Updates.) Once a month (preferably just after Microsoft announces its latest security fixes), visit windowsupdate.microsoft.com, let the site scan your system, and then download anything labeled Critical. Every month, no exceptions. Got it?

Turn off scripting behaviors in Internet Explorer: Many worms and viruses spread through Web page scripts (commands in the page that push the worm out to anyone who opens it in IE). Other browsers are targeted far less often, but if you can't or simply won't change to Opera, Mozilla, or another browser, you must alter IE's scripting settings to block the threat.


In IE, click Tools, Internet Options, Security. Choose the Earth icon (the Internet zone) under Select a Web content zone, and click Custom Level. Each setting in the dialog has three options: Disable, Enable, and Prompt. Enabling everything is asking for trouble, but being prompted every time a script or ActiveX control wants to run will drive you batty. In any event, disable Download unsigned ActiveX controls, Initialize and script ActiveX controls not marked as safe, Active scripting, and Scripting of Java applets (see FIGURE 1). Set Java permissions to High Safety.


With scripts disabled, many of your favorite Web sites may not work. Your company intranet or Web mail service may also require scripting. If so, add the URLs for these sites and services to IE's Trusted Sites list: open IE and click Tools, Internet Options, Security, select the Trusted Sites icon, click Sites, and enter the URLs one at a time. Uncheck Require server verification (https:) for all sites in this zone only if a site you need is plain http; otherwise leave it checked, because the Trusted Sites zone relaxes the protections you just tightened and a spoofed host name should not inherit them. Click OK (see FIGURE 2).

Control what starts up with Windows: Many worms place a reference to themselves in the portion of the Windows Registry that defines which programs start with Windows. The TeaTimer applet bundled with Spybot Search & Destroy 1.3, and the separate WinPatrol utility, watch that list and ask you to confirm any program that tries to add itself. Both are free, so why not use both?


Use a software and a hardware firewall: If you have broadband Internet service, then even with Zone Labs' free ZoneAlarm or some other software firewall active on your PC you can't be too safe. Belkin, D-Link, Linksys, and other vendors sell inexpensive broadband gateways that drop inbound worm probes before they ever reach your computer.


Proactive Malware Prevention With Qwik-Fix


In early tests, PivX's Qwik-Fix Pro was successful in preventing malicious scripted Web pages from forcing Internet Explorer to load worms or spyware. The tool provides stopgap protection so that your system doesn't get infected while you're trying to download patches. Qwik-Fix Pro is free for noncommercial use, and businesses should be able to buy the corporate version by the time you read this.


Andrew Brandt is a senior associate editor for PC World and the author of the monthly Privacy Watch column.