Fw: Virus Information
Tom Brady
Description
Collection
Title:
Fw: Virus Information
Creator:
Tom Brady
Date:
12/2/1999
Text:
To all:
Sorry all But I ended up with a virus called Happy99.EXE If you got it
you can go to the sight listed and it will give you the fix. It wont crash
your computer or do much but will attack you e-mail from what I understand.
when you get to the sight search for happy 99 then download the fix. I
don't know if anyone else got it or not but the fix will tell you. Once
again sorry and I hope you didn't get it.
TOM
-----Original Message-----
From: Paul E Prusakowski < <Email Address Redacted> >
To: <Email Address Redacted> < <Email Address Redacted> >
Date: Tuesday, November 30, 1999 10:57 AM
Subject: Virus Information
>Here is the technical info on the latest Virus from the www.norton.com
>website.
>The virus will not destroy your system, but will replicate itself and send
>copies to everyone on your mail list, as well as create a link to an XXX
>site
>on your desktop. It is a good idea to have an anti virus software package
>installed on your system. You can download a free, fully functional,
>evaluation
>package from www.norton.com.
>
>Paul Prusakowski, CPO
>
>
>
>VBS.Freelink
>
>Aliases: Freelink, VBS.Freelink
>Area of Infection: \Windows and \Windows\System folder
>Likelihood: Common
>Detected on: July 2, 1999
>Characteristics: Trojan Horse, Worm
>
>
>
>Description
>
>VBS.Freelink is a virus discovered in July 1999. Symantec AntiVirus
Research
>Center has recently been receiving an increase in VBS.Freelink virus
reports
>from our customers. To protect yourself from this virus, all Norton
>AntiVirus customers should ensure their virus definitions are up to date by
>using the LiveUpdate feature. In order to detect the VBS.Freelink virus, it
>is necessary to scan files with the VBS filename extension. It is
>recommended to use the options in NAV to scan All files rather than using
>the Program Files option. Please note that this may cause performance
>issues depending on the software, hardware and configurations you are
using.
>Newer versions of Norton AntiVirus are shipped with scan All files as
>default configurations. If you choose only to scan Program Files, please
>make sure that the configurations in Norton AntiVirus includes the VBS
>file extension as well as the following file extensions in the Scanner
and
>AutoProtect options.
>
>Recommended Extension List as of Oct 5, 1999:
>
>386, ADT, BIN, CBT, CLA, COM, CPL, CSC, DLL, DOC, DOT, DRV, EXE, HTM, HTT,
>JS, MDB, MSO, OV?, POT, PPT, RTF, SCR, SHS, SYS, VBS, XL?
>
>Technical Notes
>
>VBS.Freelink is an encrypted worm that will work under Windows 98, Windows
>2000 and all the other Windows supporting VB Scripting language. Once the
>worm is launched, it will use MS Outlook to automatically send an email
with
>an attachment of itself. Similar to the Melissa virus, this worm uses MAPI
>calls to get user profiles from MS Outlook. The contents of the email
>generated by this worm are:
>
>Subject: Check this
>
>Have fun with these links. Bye.
>
>When the attached file is executed, it will create the following two files:
>
>C:\WINDOWS\LINKS.VBS C:\WINDOWS\SYSTEM\RUNDLL.VBS
>It will also create a file called LINKS.VBS in the root of all network
>drives that are currently mapped. Next, the worm will modify the following
>registry to execute every time the machine boots up:
>
>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
>CurrentVersion\Run\Rundll=RUNDLL.VBS
>After infecting a system, it will displays a dialog box title Free XXX
>links with following content:
>
>This will add a shortcut to free XXX links on
>your desktop. Do you want to continue.
>
>If the user selects yes, it will create a shortcut pointing to an adult web
>site.
>
>It also searches for MIRC32.EXE and PIRCH98.EXE chat programs in C:\MIRC ,
>C:\PIRCH98, C:\PROGRAM FILES and the sub directories of each of these
>directories. If it finds either of these programs, it will modify the
>corresponding SCRIPT.INI file or EVENTS.INI located in the same directory.
>These INI files will cause LINKS.VBS to be sent to other people during the
>IRC sessions.
>
>
Sorry all But I ended up with a virus called Happy99.EXE If you got it
you can go to the sight listed and it will give you the fix. It wont crash
your computer or do much but will attack you e-mail from what I understand.
when you get to the sight search for happy 99 then download the fix. I
don't know if anyone else got it or not but the fix will tell you. Once
again sorry and I hope you didn't get it.
TOM
-----Original Message-----
From: Paul E Prusakowski < <Email Address Redacted> >
To: <Email Address Redacted> < <Email Address Redacted> >
Date: Tuesday, November 30, 1999 10:57 AM
Subject: Virus Information
>Here is the technical info on the latest Virus from the www.norton.com
>website.
>The virus will not destroy your system, but will replicate itself and send
>copies to everyone on your mail list, as well as create a link to an XXX
>site
>on your desktop. It is a good idea to have an anti virus software package
>installed on your system. You can download a free, fully functional,
>evaluation
>package from www.norton.com.
>
>Paul Prusakowski, CPO
>
>
>
>VBS.Freelink
>
>Aliases: Freelink, VBS.Freelink
>Area of Infection: \Windows and \Windows\System folder
>Likelihood: Common
>Detected on: July 2, 1999
>Characteristics: Trojan Horse, Worm
>
>
>
>Description
>
>VBS.Freelink is a virus discovered in July 1999. Symantec AntiVirus
Research
>Center has recently been receiving an increase in VBS.Freelink virus
reports
>from our customers. To protect yourself from this virus, all Norton
>AntiVirus customers should ensure their virus definitions are up to date by
>using the LiveUpdate feature. In order to detect the VBS.Freelink virus, it
>is necessary to scan files with the VBS filename extension. It is
>recommended to use the options in NAV to scan All files rather than using
>the Program Files option. Please note that this may cause performance
>issues depending on the software, hardware and configurations you are
using.
>Newer versions of Norton AntiVirus are shipped with scan All files as
>default configurations. If you choose only to scan Program Files, please
>make sure that the configurations in Norton AntiVirus includes the VBS
>file extension as well as the following file extensions in the Scanner
and
>AutoProtect options.
>
>Recommended Extension List as of Oct 5, 1999:
>
>386, ADT, BIN, CBT, CLA, COM, CPL, CSC, DLL, DOC, DOT, DRV, EXE, HTM, HTT,
>JS, MDB, MSO, OV?, POT, PPT, RTF, SCR, SHS, SYS, VBS, XL?
>
>Technical Notes
>
>VBS.Freelink is an encrypted worm that will work under Windows 98, Windows
>2000 and all the other Windows supporting VB Scripting language. Once the
>worm is launched, it will use MS Outlook to automatically send an email
with
>an attachment of itself. Similar to the Melissa virus, this worm uses MAPI
>calls to get user profiles from MS Outlook. The contents of the email
>generated by this worm are:
>
>Subject: Check this
>
>Have fun with these links. Bye.
>
>When the attached file is executed, it will create the following two files:
>
>C:\WINDOWS\LINKS.VBS C:\WINDOWS\SYSTEM\RUNDLL.VBS
>It will also create a file called LINKS.VBS in the root of all network
>drives that are currently mapped. Next, the worm will modify the following
>registry to execute every time the machine boots up:
>
>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
>CurrentVersion\Run\Rundll=RUNDLL.VBS
>After infecting a system, it will displays a dialog box title Free XXX
>links with following content:
>
>This will add a shortcut to free XXX links on
>your desktop. Do you want to continue.
>
>If the user selects yes, it will create a shortcut pointing to an adult web
>site.
>
>It also searches for MIRC32.EXE and PIRCH98.EXE chat programs in C:\MIRC ,
>C:\PIRCH98, C:\PROGRAM FILES and the sub directories of each of these
>directories. If it finds either of these programs, it will modify the
>corresponding SCRIPT.INI file or EVENTS.INI located in the same directory.
>These INI files will cause LINKS.VBS to be sent to other people during the
>IRC sessions.
>
>
Citation
Tom Brady, “Fw: Virus Information,” Digital Resource Foundation for Orthotics and Prosthetics, accessed November 2, 2024, https://library.drfop.org/items/show/213142.
