Re: Out of topic: virus alert

[Guest guest]

Hi Sam,

It’s me again. I loaded the URL you suggested and sure enough, 2 days later

I received this message: InoculatelT real-time protection has found that

C:/WINDOWS/STARTMENU/PROGRAMS/STARTUP/KAK.HTA is infected with Wscripts.Kak,

a Worm virus. Not restored.

Does that mean than my computer still has the virus or that the problem has

screwed up my machine and I have to reinstall Windows? I was hesitant about

sending this message. I sure don’t want anyone else to get it in their

computer but I didn’t know what else to do.

Thank you for any help you can give me. It takes at least 6 attempts to

even get Windows to come up.

Tootie

Re: Out of topic: virus alert

<http://click./1/8984/2/_/529507/_/968709363/>

<http://click./1/8984/2/_/529507/_/968709363/>

eGroups </>

My Groups </mygroups> | diabetes_int Main Page

</group/diabetes_int> | Start a new group!

<http://click./1/8150/2/_/529507/_/968709363/>

, I'm 72, a retired Electrical engineer. I searched for kak worm

once and found a great free virus program from Computer Associates, the

mainframe people. They allow single users to download their software.

The URL is http://antivirus.cai.com/

It is frequently updated with patches for new infections. I thought I

had cleaned the love virus out, it cleaned 250 infections from the

virus. I think it's well behaved, some of us use it.

I'm T2, diet only, I'm the househusband and get plenty of work and naps.

I write to diabetics, for 3 years, and help people use computers and the

net. My favorite search is http://www.google.com/

and suggest all mark this one http://www.refdesk.com/index.html

I'm on all day on a fast cable net, to check download speed, use this ,

I read 131kbytes now, it's sometimes as fast as a T2 line

http://computingcentral.msn.com/topics/bandwidth/speedtest.asp

Sam in San Diego

Public website for Diabetes International:

http://www.msteri.com/diabetes-info/diabetes_int

[Guest guest]

Hi, Naomi ... This is from an online buddy, GuitarMan ...

This was compiled by several different posts that have run since this worm

reared its ugly head. I didn't write them myself, but the information is all

true and verified.

To see if your machine has been infected with this, do a search on your HD's

for the following files:

kak.htm

kak.hta

ae.kak

If you have ANY of these lurking on your machine, DON'T SWITCH OFF YOUR

'PUTERS

.... and don't panic. This kakey thing is quite easily removable.

****************************************************

Here is the write-up from Symantec, the makers of Norton's Anti-Virus.

------------------------------------------------------

Wscript.KakWorm

Detected as: Wscript.KakWorm

Aliases: VBS.Kak.Worm, Kagou-Anti-Krosoft

Infection Length: 4116 bytes

Likelihood: Common

Detected on: Dec 27, 1999

Region Reported: Europe

Characteristics: 1st of any month at 5pm

Description

VBS.KakWorm is a worm, which spreads using Microsoft Outlook Express. The

worm attaches itself to all outgoing messages via the Signature feature of

Outlook Express. Signatures allow one to automatically append information at

the end of all outgoing messages.

The worm utilizes a known Microsoft Outlook Express security hole so that a

viral file is created on the system without having to run any attachment.

Simply reading the received email message will cause the virus to be placed

on the system.

Microsoft has patched this security hole already. If you have a patched

version of Outlook Express, this worm will not affect them.

Technical Description

The worm appends itself to the end of legitimate outgoing messages as a

signature. When receiving the message, the worm will automatically insert a

copy of itself into the appropriate StartUp directory of the Windows

operating system for both English and French language versions. The file

created is named KAK.HTA.

HTA files are executed by current versions of Microsoft Internet Explorer or

Netscape Navigator.

The system must be rebooted for this file to be executed. Once executed, the

worm modifies the registry key:

HKCU/Identities/<Identity>/Software/Microsoft/Outlook/Express/5.0/signatures

in order to add its own signature file, which is the infected KAK.HTA file.

This causes all outgoing mail to be appended by the worm.

In addition, the registry key:

HKLM/Software/Microsoft/Windows/CurrentVersion/Run/cAgOu

is added which causes the worm to be executed each time the computer is

restarted.

Finally, if it is the first of the month and the hour is 17 (5:00pm), the

following message is displayed:

" Kagou-Anti-Kro$oft says not today! "

and Windows is sent the message to shutdown.

There is no other malicious payload.

[Guest guest]

Tootie wrote:

<< ... I was hesitant about sending this message. I sure don't want anyone

else to get it in their

computer but I didn't know what else to do. >>

It didn't leak through into our system, Tootie. I just checked mine. Twice

earlier, Pirtle had problems too, and they never contaminated the rest

of our systems.

Susie

[Guest guest]

Norgaard set our system up so that we can't use formatting, send

attachments, etc. That protects us all. And I'm sure eGroups.com has

security measures in place as well. But no system is foolproof.

This seems like an appropriate time to remind everyone who uses Windows to

visit Microsoft's Update site often and download the necessary files to keep

your system humming and squeaky-clean. If you have Win 98, you can set it to

automatically notify you when there are " Critical (Security) Updates. " You

should have a shortcut to the web site by clicking on START > Windows

Update. If you do it manually, the URL is:

http://windowsupdate.microsoft.com/ Then click on Product Updates. (It

loads slowly.)

Susie

[Guest guest]

about the only thing I can suggest is to go to your virus program and

see if there is a recent fix, look for update, and click on it, andd it

will check. I signed up for notification of new fixes, and keep up to

date. I think they have a kakworm fix. They do have some help at that

site, I believe, sam

[Guest guest]

I just clicked my autodownload button on the InnoculateIt and got a new

update, it didn't say what for. I went to program, InnoculateIt and

right clicked add shortcut and it puts a shortcut on your green screen.

I have a lot of shortcuts, Sam

[Guest guest]

Susie, the Microsfot site insists I load visual basic from their site.

Is that wise? Sam

[Guest guest]

My last recorded encounter with KAK was May 11th, and my AV program killed

it before I even knew it was on my system. All I got was a listing in my

Event Log...

Re: Out of topic: virus alert

In a message dated 00-09-15 18:04:22 EDT, you write:

<<

It didn't leak through into our system, Tootie. I just checked mine. Twice

earlier, Pirtle had problems too, and they never contaminated the

rest

of our systems >>

Guess this is one of the good things about having an Old Computer (Windows

3.1)...new 'puter bugs just aren't interested in my pokey ol' system! Vicki