Guest guest Posted September 15, 2000

Hi Sam,

It’s me again. I loaded the URL you suggested and sure enough, 2 days later I received this message:

InoculatelT real-time protection has found that C:/WINDOWS/STARTMENU/PROGRAMS/STARTUP/KAK.HTA is infected with Wscripts.Kak, a Worm virus. Not restored.

Does that mean that my computer still has the virus or that the problem has screwed up my machine and I have to reinstall Windows? I was hesitant about sending this message. I sure don’t want anyone else to get it in their computer but I didn’t know what else to do. Thank you for any help you can give me. It takes at least 6 attempts to even get Windows to come up.

Tootie

Re: Out of topic: virus alert

I'm 72, a retired Electrical engineer. I searched for kak worm once and found a great free virus program from Computer Associates, the mainframe people. They allow single users to download their software. The URL is http://antivirus.cai.com/ It is frequently updated with patches for new infections. I thought I had cleaned the love virus out, it cleaned 250 infections from the virus. I think it's well behaved, some of us use it.

I'm T2, diet only, I'm the househusband and get plenty of work and naps. I write to diabetics, for 3 years, and help people use computers and the net.

My favorite search is http://www.google.com/ and suggest all mark this one http://www.refdesk.com/index.html

I'm on all day on a fast cable net, to check download speed, use this, I read 131kbytes now, it's sometimes as fast as a T2 line http://computingcentral.msn.com/topics/bandwidth/speedtest.asp

Sam in San Diego

Public website for Diabetes International: http://www.msteri.com/diabetes-info/diabetes_int
Guest guest Posted September 15, 2000

Hi, Naomi ...

This is from an online buddy, GuitarMan ...

This was compiled by several different posts that have run since this worm reared its ugly head. I didn't write them myself, but the information is all true and verified.

To see if your machine has been infected with this, do a search on your HD's for the following files:

kak.htm
kak.hta
ae.kak

If you have ANY of these lurking on your machine, DON'T SWITCH OFF YOUR 'PUTERS .... and don't panic. This kakey thing is quite easily removable.

****************************************************

Here is the write-up from Symantec, the makers of Norton's Anti-Virus.

------------------------------------------------------

Wscript.KakWorm

Detected as: Wscript.KakWorm
Aliases: VBS.Kak.Worm, Kagou-Anti-Krosoft
Infection Length: 4116 bytes
Likelihood: Common
Detected on: Dec 27, 1999
Region Reported: Europe
Characteristics: 1st of any month at 5pm

Description

VBS.KakWorm is a worm, which spreads using Microsoft Outlook Express. The worm attaches itself to all outgoing messages via the Signature feature of Outlook Express. Signatures allow one to automatically append information at the end of all outgoing messages. The worm utilizes a known Microsoft Outlook Express security hole so that a viral file is created on the system without having to run any attachment. Simply reading the received email message will cause the virus to be placed on the system. Microsoft has patched this security hole already. If you have a patched version of Outlook Express, this worm will not affect them.

Technical Description

The worm appends itself to the end of legitimate outgoing messages as a signature. When receiving the message, the worm will automatically insert a copy of itself into the appropriate StartUp directory of the Windows operating system for both English and French language versions. The file created is named KAK.HTA.

HTA files are executed by current versions of Microsoft Internet Explorer or Netscape Navigator. The system must be rebooted for this file to be executed. Once executed, the worm modifies the registry key:

HKCU/Identities/<Identity>/Software/Microsoft/Outlook/Express/5.0/signatures

in order to add its own signature file, which is the infected KAK.HTA file. This causes all outgoing mail to be appended by the worm. In addition, the registry key:

HKLM/Software/Microsoft/Windows/CurrentVersion/Run/cAgOu

is added which causes the worm to be executed each time the computer is restarted.

Finally, if it is the first of the month and the hour is 17 (5:00pm), the following message is displayed:

"Kagou-Anti-Kro$oft says not today!"

and Windows is sent the message to shutdown. There is no other malicious payload.
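A defender-side check for the indicators listed in the write-up above, as an added example that is not part of the original posts or Symantec's text: it walks a directory tree for the three file names and scans a regedit text export for the cAgOu Run value and a signature entry that points at a KAK file. The sample export, its paths and the identity id are constructed, and the keys use the backslash spelling of regedit's export format rather than the slashes shown in the post.

```python
import os
import re

# Indicators named in the write-up above.
KAK_FILES = {"kak.htm", "kak.hta", "ae.kak"}
RUN_VALUE = "cagou"  # Run value "cAgOu", compared case-insensitively

# Constructed regedit text export; paths and identity id are placeholders.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"cAgOu"="C:\\CONSTRUCTED\\placeholder.hta"

[HKEY_CURRENT_USER\Identities\{CONSTRUCTED-ID}\Software\Microsoft\Outlook Express\5.0\signatures\00000000]
"file"="C:\\CONSTRUCTED\\kak.hta"
"""

def find_kak_files(root):
    """Walk root and return paths whose file name matches a KAK indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in KAK_FILES:  # Windows file names ignore case
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def find_kak_registry(reg_text):
    """Return (key, value_name, data) for KAK traces in a regedit export."""
    hits, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember which key the next values belong to
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if not m:
            continue
        name, data = m.group(1), m.group(2)
        k = key.lower()
        if k.endswith(r"\currentversion\run") and name.lower() == RUN_VALUE:
            hits.append((key, name, data))  # autostart entry
        elif "\\signatures" in k and any(f in data.lower() for f in KAK_FILES):
            hits.append((key, name, data))  # signature points at a KAK file
    return hits

if __name__ == "__main__":
    for hit in find_kak_registry(SAMPLE_EXPORT):
        print(hit)
    print(find_kak_files("."))
```
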
Guest guest Posted September 15, 2000

Tootie wrote:

<< ... I was hesitant about sending this message. I sure don't want anyone else to get it in their computer but I didn't know what else to do. >>

It didn't leak through into our system, Tootie. I just checked mine. Twice earlier, Pirtle had problems too, and they never contaminated the rest of our systems.

Susie
Guest guest Posted September 15, 2000

Norgaard set our system up so that we can't use formatting, send attachments, etc. That protects us all. And I'm sure eGroups.com has security measures in place as well. But no system is foolproof.

This seems like an appropriate time to remind everyone who uses Windows to visit Microsoft's Update site often and download the necessary files to keep your system humming and squeaky-clean. If you have Win 98, you can set it to automatically notify you when there are "Critical (Security) Updates." You should have a shortcut to the web site by clicking on START > Windows Update. If you do it manually, the URL is: http://windowsupdate.microsoft.com/ Then click on Product Updates. (It loads slowly.)

Susie
Guest guest Posted September 15, 2000

About the only thing I can suggest is to go to your virus program and see if there is a recent fix, look for update, and click on it, and it will check. I signed up for notification of new fixes, and keep up to date. I think they have a kakworm fix. They do have some help at that site, I believe,

Sam
Guest guest Posted September 15, 2000

I just clicked my autodownload button on the InoculateIT and got a new update, it didn't say what for. I went to program, InoculateIT and right clicked add shortcut and it puts a shortcut on your green screen. I have a lot of shortcuts,

Sam
Guest guest Posted September 15, 2000

Susie, the Microsoft site insists I load visual basic from their site. Is that wise?

Sam
Guest guest Posted September 16, 2000

My last recorded encounter with KAK was May 11th, and my AV program killed it before I even knew it was on my system. All I got was a listing in my Event Log...

Re: Out of topic: virus alert

In a message dated 00-09-15 18:04:22 EDT, you write:

<< It didn't leak through into our system, Tootie. I just checked mine. Twice earlier, Pirtle had problems too, and they never contaminated the rest of our systems >>

Guess this is one of the good things about having an Old Computer (Windows 3.1)...new 'puter bugs just aren't interested in my pokey ol' system!

Vicki