WinPatrol "report"

Discussion in 'other anti-malware software' started by SG1, Aug 7, 2006.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    a) I use WinPatrol now & then; its Hidden Files category shows files ska.exe, ska.dll.

    b) Their site (Plus Info for the paid, full ver.) page reads:

    "Virus Alert - SKA.EXE, SKA.DLL

    Ska.exe and ska.dll install with the Happy99.worm. One or both of these may be hidden files. This worm has been around for quite a while. It may display a message that reads "Happy New Year 1999" that shows fireworks to hide it's installation. Files called happy99.exe and happy00.exe may appear on your system. This worm spreads via email and newsgroup binaries. It may modify your winsock file (wsock32.dll) copying the original version to wsock32.ska.

    More information can be found at
    http://www.symantec.com/avcenter/venc/data/happy99.worm.html.

    We'd recommend removing these files using WinPatrol. First, kill them under Active Tasks then remove them from your Startup Programs and/or IE Helpers. If running WinPatrol 8.x or later; right click each file then select "Delete file on Reboot". Rename wsock32.ska to wsock32.dll. Finally, reboot your system.

    If you don't want to deal with the removal yourself, a removal tool can be found at http://www.symantec.com/avcenter/venc/data/fix.happy99.worm.html.

    (Final synopsis)
    a.. Virus
    a.. Remove"

    ===================================

    Was a bit taken aback to find the above listed in WinPatrol; but, I do not find any other evidence of alleged worm on this PC. What am I to make of this, then? WP also shows a few other items that are "likely" okay and/or safe, but "sometimes" are renamed files if taken over by this or that trojan dropper, etc.

    I've tried/bought/discarded many a security app over time, and may often run 8-12 security apps while on the internet. May I ask for your collective thoughts, on what may/may not be at play here, on our PC?

    Thanks, SG1 (Pat)
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Have you installed at any time the free Socklock from PSC/BOClean ? If so they are dummy files to protect you, i have the same files due to it.
     
  3. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    If the above post doesn't answer your question I'd contact Bill, the developer of WinPatrol.
    There is a WinPatrol forum at CastleCops also.
     
  4. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    CloneRanger and the Tester;

    Thanks for info: I have indeed used SockLock (and forgot about it)! And, I think Spybot also inserts dummy file/s, or has an option for it. (?)

    Since I "live here" at Wilders, I sometimes forget that other forums exist, but yes, I should go to CastleCops, post note there and let the gang chew on this, and see what the overall opinion may tend toward or write author, & see what he says.

    I have found no "happy" anything similar named file on 3 drives, tho' it may not mean much as I suppose names of the nasties may mutate. I connect to the net fine, have little or no page load failures (as a friend said may happen if winsock protocol is messed with).

    Thanks, again.
    Regards, SG1 (Pat)
     
Thread Status:
Not open for further replies.