I just received some kind of attached EXE-File from you. Please refrain from sending binary attachments to the mailing list in the future, since some people on this list have to pay for their connection time. Thank you

Do not execute Happy99.exe, it will infect your system with a WORM virus. Make sure to delete the files ska.dll and ska.exe from your system (search you all directory locations under your windows directory) otherwise you will be infected the next time you re-boot (Windows and NT users only). ------ AVERT - A Division of NAI Labs Virus Name: W32/Ska (a.k.a. Happy99.exe) This page last updated 2/1/99 W32/Ska is a worm that was first posted to several newsgroups and has been reported to several of the AVERT Labs locations worldwide. When this worm is run it displays a message "Happy New Year 1999!!" and displays "fireworks" graphics. The posting on the newsgroups has lead to its propagation. It can also spread on its own, as it can attached itself to a mail message and be sent unknowingly by a user. Because of this attribute it is also considered to be a worm. AVERT cautions all users who may receive the attachment via email to simply delete the mail and the attachment. The worm infects a system via email delivery and arrives as an attachment called Happy99.EXE. It is sent unknowingly by a user. When the program is run it deploys its payload displaying fireworks on the users monitor. Note: At this time no destructive payload has been discovered. When the Happy.EXE is run it copies itself to Windows\System folder under the name SKA.EXE. It then extracts, from within itself, a DLL called SKA.DLL into the Windows\System folder if one does not already exist. Note: Though the SKA.EXE file file is a copy of the original it does not run as the Happy.EXE files does, so it does not copy itself again, nor does it display the fireworks on the users monitor. The worm then checks for the existence of WSOCK32.SKA in the Windows\System folder, if it does not exist and a the file WSOCK32.DLL does exist, it copies the WSOCK32.DLL to WSOCK32.SKA. The worm then creates the registry entry - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Ska.exe ="Ska.exe" - which will execute SKA.EXE the next time the system is restarted. When this happens the worm patches WSOCK32.DLL and adds hooks to the exported functions EnumProtocolsW and WSAAsyncGetProtocolByName. The patched code calls two exported functions in SKA.DLL called mail and news, these functions allow the worm to attach itself to SMTP e-mail and also to any postings to newsgroups the user makes. -- Visit the Eco-Blue Divers Homepage at <A HREF="http://www.geocities.com/RainForest/Canopy/5449/index.html"><A HREF="http://www.geocities.com/RainForest/Canopy/5449/index.html</A">http://www.geocities.com/RainForest/Canopy/5449/index.html</A</A>> ______________________________________________________ Get Your Private, Free Email at <A HREF="http://www.hotmail.com"><A HREF="http://www.hotmail.com</A">http://www.hotmail.com</A</A>> - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archiv at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>