Virus Busters Home


The W32/Ska.A Virus and the Happy99.EXE Dropper

by Bruce P. Burrell (bpb@umich.edu)
for the U-M Virus Busters (virus.busters@umich.edu)

Last significant update: 02 July, 1999

This information can be freely reproduced in any medium, as long as the information is unmodified.

Every once in a while, a virus gets lucky. After all, there are over 40,000 viruses that affect PC computers today (March, '99), but only 600 or so pose any real threat. Viruses have existed since 1986, and many of these viruses are old ones. Sometimes, of course, a new virus becomes a real threat.

The W32/Ska.A virus got lucky.

There's nothing particularly notable about this virus. In fact, it can't even replicate without:

But W32/Ska.A has become a nuisance and, though we usually prefer to leave the real viruses to the antivirus industry web pages, this particular thing has caused lots of email warnings, and people ask us if they are hoaxes. So that we don't have to respond at length to each such query, we've written this page.

Before removing the virus, we recommend making a copy to a floppy of the LISTE.SKA file, which by default lives in the C:\WINDOWS subdirectory. This file contains a list of those to whom a copy of the HAPPY99.EXE file has been sent from your computer, so you'll probably want to notify those folks after you've cleaned up your system.

We recommend removing Ska after booting in DOS mode or Safe Mode; that will prevent Windows from locking some files used by Ska (so that they cannot be deleted). To boot in DOS mode, choose Restart in MS-DOS mode from the Shutdown menu; to boot in Safe Mode, reboot and press the <F8> function key immediately after it says Starting Windows on screen, and then choose a Safe Mode boot from the menu that will then appear. If you have only Windows-based (GUI) antivirus software, use a Safe Mode boot; if you have a command-line DOS program like F-PROT, you may use either DOS mode or Safe Mode.

To remove this virus, merely use up-to-date antivirus software -- just as you would for any other virus. U-Michigan members may use DSAV v.7.94 when it becomes available, or use the extra driver we supply (including several other viruses): just save the file in the same folder as the rest of the Toolkit. You may also get individual extra driver files; for more information, click here.

Those who do not have access to DSAV may use other products; we know for certain that F-PROT v.3.04a handles W32/Ska.A; others do already, and more products will as time passes. More information on F-PROT is available here.

After you have removed the virus, we recommend rebooting and re-running your antivirus software. If there is still a report of this virus being present, then you'll want to contact your antivirus vendor's technical support for assistance; U-M folks are encouraged to contact the U-M Virus Busters team instead. Non-U of Michigan folks may contact us as well; we'll answer as our workload allows.

Finally, open the LISTE.SKA file you saved on a floppy, e.g., with NotePad. Be sure to email all the folks listed there, so they'll know that they may have contracted a virus that came from your computer. Also, try to find out who sent it to you, so that they can be alerted as well.
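As an added example (not part of the original page), the sketch below turns a saved copy of LISTE.SKA into a de-duplicated notification list. The file layout is an assumption, since this page does not describe it: plain text with one entry per line. The name `parse_liste` and the sample data are hypothetical and constructed for illustration.

```python
import re

# Constructed sample standing in for a saved copy of LISTE.SKA. The real
# layout is not described on this page; one entry per line is an assumption.
SAMPLE_LISTE_SKA = (
    b"alice@example.com\r\n"
    b"Bob Example <bob@example.org>\r\n"
    b"ALICE@EXAMPLE.COM\r\n"
    b"\r\n"
    b"alt.test.example\r\n"
    b"carol@example.net, dave@example.net\r\n"
)

# Deliberately loose pattern: good enough to pull addresses out of a line,
# not a full RFC 5322 validator.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def parse_liste(raw: bytes):
    """Return (addresses, other_lines) from the raw bytes of the file.

    addresses: unique e-mail addresses in first-seen order, compared
               case-insensitively so one recipient is notified once.
    other_lines: non-empty lines with no address in them, kept for manual
                 review rather than silently dropped.
    """
    # latin-1 maps every byte to a character, so decoding never fails.
    text = raw.decode("latin-1")
    seen, addresses, other_lines = set(), [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        found = ADDRESS.findall(line)
        if not found:
            other_lines.append(line)
            continue
        for addr in found:
            key = addr.lower()
            if key not in seen:
                seen.add(key)
                addresses.append(addr)
    return addresses, other_lines


if __name__ == "__main__":
    addrs, others = parse_liste(SAMPLE_LISTE_SKA)
    print("Notify:", ", ".join(addrs))
    print("Review by hand:", others)
```

To use it on a real copy, pass the bytes read from the floppy copy of the file (opened in binary mode) to `parse_liste` in place of the sample.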

If you want to provide information about this virus and dropper to others, I suggest that you provide a pointer to this URL: (http://www.umich.edu/~virus-busters/ska.html)

For more detailed technical information on W32/Ska.A, we recommend having a look at DataFellows' Ska description at (http://www.Europe.DataFellows.com/v-descs/ska.htm) (leaving our site).

For general virus or hoax info, please see our main page (http://www.umich.edu/~virus-busters/) or go to another reputable site, like DataFellows (leaving our site).

   -BPB



Last updated: Wednesday, 02-Jan-2002 14:20:12 EST.
University of Michigan Virus Busters - virus.busters@umich.edu
