
Is the Happy Hour virus a computer virus?

爱喝马黛茶的安东尼
2019-07-26 16:18:46


## Happy Hour

The Happy Hour virus is a VBScript (VB source code) virus that specifically infects .htm, .html, .vbs, .asp and .htt files. It spreads as an email attachment and exploits a known security flaw in Microsoft Outlook Express that allows it to run without the user opening any attachment. It also uses the stationery feature of Outlook Express to copy itself into the HTML template of the stationery so that it can spread.

Infection Symptoms

When "Happy Hour" attacks:

·It disguises itself as a Help.hta, Help.vbs, Help.htm or Untitled.htm file.

·It changes the value of HKEY_CURRENT_USER\Software\Help\Count in the registry, updating it with the number of infected files.

When the sum of the month and the day equals 13

·When the sum of the month and the day of the month equals 13, the virus deletes all .exe and .dll files.

·Each email containing the "Happy Hour" virus will have the following format:

Subject: Help

Message: (The message body is empty)

Attachment: Untitled.htm (infected attachment)

Email-infected files:

The names of the .htm, .vbs, .asp or .htt files are stored under HKEY_CURRENT_USER\Software\Help\FileName in the system registry.

Every 366 infections

·Each time 366 infections have occurred, one of the following two things happens, with equal probability:

The first is that every message stored in the inbox is replied to in the following form:

Subject: Fw: <Initial sender address>

Message: (The message body is empty)

Attachment: Untitled.htm (Infected attachment)

The other is that an email is sent to all default contacts in the following form:

Subject: Help

Message: (The message body is empty)

Attachment: Untitled.htm (Infected attachment)
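The message format described above can be turned into a simple mail-triage check. The following is an added example, not part of the original article or any vendor tool; the function names, the sample messages and the decision to treat these three traits as a filter rule are assumptions made for illustration.

```python
import email
from email import policy

# Traits from the description above. Treating them as a filter rule is this
# example's assumption; a renamed attachment or edited subject would not match.
SUBJECT_EXACT = "help"
SUBJECT_PREFIX = "fw:"
ATTACHMENT_NAME = "untitled.htm"


def matches_described_format(raw: bytes) -> bool:
    """True when subject, empty body and attachment name all fit the description."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    if subject != SUBJECT_EXACT and not subject.startswith(SUBJECT_PREFIX):
        return False
    has_attachment = False
    body_text = ""
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT_NAME:
            has_attachment = True
        elif not name and part.get_content_maintype() == "text":
            body_text += part.get_content()  # inline text counts as message body
    return has_attachment and body_text.strip() == ""


def sample(subject: str, body: str, attachment: str) -> bytes:
    """Build a constructed test message (not a captured sample)."""
    return (
        f"From: a@example.com\r\nSubject: {subject}\r\nMIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b"\r\n\r\n'
        f"--b\r\nContent-Type: text/plain\r\n\r\n{body}\r\n"
        "--b\r\nContent-Type: text/html\r\n"
        f'Content-Disposition: attachment; filename="{attachment}"\r\n\r\n'
        "<html></html>\r\n--b--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for subj, body, att in [
        ("Help", "", "Untitled.htm"),
        ("Fw: alice@example.com", "", "Untitled.htm"),
        ("Help", "Can you look at this?", "Untitled.htm"),
        ("Help", "", "notes.txt"),
    ]:
        print(subj, "->", matches_described_format(sample(subj, body, att)))
```

A match only means the message has the shape described here, so it is best used to quarantine mail for scanning rather than as a verdict on its own.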

Default Wallpaper

·The virus sets a new default wallpaper that displays an infected Help.htm page, so that the virus runs automatically. To better hide itself, it tries to use the same wallpaper as before the infection.

·The virus infects the .htt files under the Windows\web folder. Hypertext template (.htt) files are used to lay out and display the contents of folders. If folders are set to be viewed as Web pages, every folder you browse will be infected.

Default stationery format

·The virus sets a default stationery format. Every time you send a message, the virus is sent to the recipient's computer together with the message body, and through this replication it continues to spread. Note that if your email program or email server does not support HTML-format messages, it will convert such messages into attachments and deliver them to you. If you open the attachment, you will also be infected with the "Happy Hour" virus.

Symantec Security Response has developed a program to recover computers infected by "VBS.Haptime.A@mm" or "VBS.Haptime.B@mm".

How to delete the virus

·You need to delete the .htt file and all files detected as "VBS.Haptime.A@mm", delete the values the virus added to the registry, and reset your Outlook Express settings.

·Update your anti-virus program to make sure you have the latest virus definitions.

·Open Symantec Antivirus (NAV) and run a full system scan to ensure that all files are scanned.

·Change the registry: click Start, then Run; enter "regedit" and click OK to open the Registry Editor; find and delete the following values:

HKEY_CURRENT_USER\Software\Help\Count

HKEY_CURRENT_USER\Software\Help\FileName

Exit the Registry Editor.

·Reset Microsoft Outlook Express: open Outlook Express; click Tools, then Options; click Spelling; in the stationery options, if you do not use stationery when sending mail, clear the Mail option; otherwise, select the stationery you want to use.

Microsoft has issued a patch for this security vulnerability, which exists in the "Scriptlet.TypeLib" ActiveX control.

If you install this patch, the "Happy Hour" virus will no longer run automatically.
