I-WORM/HAPPY

Discussion in 'malware problems & news' started by twin skies, Dec 6, 2002.

Thread Status:
Not open for further replies.
  1. twin skies

    twin skies Guest

    Does anyone know if this is AOL Instant Messenger borne? I reported 2 strange acting system files to my PC builder. A support tech saw fit to diagnose immediately a virus infection common to users of AIM, AOL's Instant Messenger, but non AV support technicians never give anti-virus solutions.

    They like to prescribed System Restore as the only remedy to virus infection, but I thought otherwise. I will advise anyone that whatever the problem is, System Restore is worthless! At least that has been my experience over the past 15 months, with 2 XP machines.

    Just a short time ago I ran the all-in-one DOS application pqremove, from Pandasoftware. It reported I-WORM/HAPPY as active and running. Whether this is a single entity, or two different ones is still not clear to me.

    Anyway, symptoms were: System tray icon for sndvol32.exe would vanish, then reappear, but never with a loss of sound volume. Also on the same playbill but less conspicuos, was the file sndrec32.exe. I believe these 2 files were present when I took delivery of this new PC 35 days ago, and the vanishing/unvanishing mischief started right away, before I installed AOL AIM.

    This caused me to clone the above mentioned files from old the virus-free machine to the new one.
    During, the transfer process, Transfer Wizard (at least that is whom I was lead to believe it was) informed me that these transfered files were to now reside in sub-directory Windows:\system32\dllcache. I saw no reason to protest this at the time.

    The support tech later had me move the files to where they normally reside, C:\Windows\system32. The icon again reappeared to the tray, and I thought that was done with... Well I was wrong. Tray icon dematerialized again, but this time both sndvol32 and sndrec32 stayed just where they should be, C:\Windows\system32..

    So it remains what to do, everything seems alright now. Did pqremove cure it (thanks Pandasoftware), or is the safest bet at this point a non destructive System Recovery? Did I give too much detail? I hope I at least help someone else by pounding all of this out. Oh, and thank you too!

    Some statistics-
    Anti-Virus: Norton 2003 Pro Edition
    Anti-Worm: pqremove (new)
    Other: rarely
     
    twin skies, Dec 6, 2002
    #1
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    welcome, twin skies,

    I-Worm/HAPPY is an oldie (one identity indeed), commonly known as Happy99.

    Please check your system/registry for the existance from:

    HKEY_LOCAL_MACHINE
    \Software\Microsoft\Windows\CurrentVersion\RunOnce=SKA.EXE

    In case this registry entrance does no longer exists, it's quite safe to say your system is clean(ed).

    Your Norton should catch it on the spot, btw ;)

    regards.

    paul
     
    Paul Wilders, Dec 6, 2002
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...