Guest guest Posted July 11, 1998

For those of you concerned with the Wscript.Kak.Worm virus, these 2 sites can help. The first is McAfee's definition and explanation. The second is Sematek (spelling?) and how to get the thing out of your computer. If you worry about having the virus, you can get the names of the files from the second, then use "find" and look for the files. If you don't find any, you don't have it; if you do, you know how to disinfect. Happy computing.

Lavon

http://vil.nai.com/villib/dispVirus.asp?virus_k=10509
http://www.symantec.com/avcenter/venc/data/happy99.worm.html

Guest guest Posted August 11, 2000

---I'm sorry that message was for Delores and I called you Dorothy.

Carolyn

In PLS-FRIENDSegroups, "Carolyn Myrick" <cmyrick@h...> wrote:
> ---Just to let you know that the KakWorm is from script not attachments. Also Dorothy, I would get ahold of Dell and they should tell you what to do since you just got your computer from them. We got the virus awhile ago and got Norton's to tell us how to get rid of it, but you really have to know a lot about the computer and it wasn't easy, but we did it. It is also tricky going into the bowels of your computer like that.
>
> Carolyn
>
> In PLS-FRIENDSegroups, "Roy A. s" <royjacobs@d...> wrote:
> > I sent the message below a while back ... but the KakWorm is still circulating.
> >
> > Roy
> >
> > >Yes, so far I've gotten three or four messages that Norton Antivirus has said are infected with
> > >
> > >WScript.KakWorm
> > >
> > >Ya'll might want to delete any attachments when you do a "reply".
> > >
> > >Also, if you have an anti-virus program, make sure you have the latest definitions and then do a complete disk scan.
> > >
> > >I visited the Symantec website (makers of Norton Antivirus) and you can get complete information including how to fix things at
> > >
> > ><http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000020318071406&src=hot>
> > >
> > >Some of the information is
> > >
> > >------------------------------------------------------------------------
> > >
> > >At this time, the following information is known about the Wscript.KakWorm:
> > >
> > >Detected as: Wscript.KakWorm
> > >Aliases: VBS.Kak.Worm, Kagou-Anti-Krosoft
> > >Infection Length: 4116 bytes
> > >Likelihood: Common
> > >Trigger Dates: 1st of any month at 5 p.m.
> > >Detected on: December 27, 1999
> > >
> > >One indication of this worm--though it does not occur on all systems--is the message "Driver or memory error" that appears briefly as Windows starts.
> > >
> > >WARNING: This worm takes advantage of a known Microsoft Outlook Express security hole. Microsoft has a patch for this security hole and has made it available at the following link.
> > >
> > ><http://www.microsoft.com/TechNet/IE/tools/scrpteye.asp>
> > >
> > >Description
> > >
> > >VBS.KakWorm is a worm. It spreads using Microsoft Outlook Express. The worm attaches itself to all outgoing messages using the Signature feature of Outlook Express. Signatures enable you to automatically append information at the end of all outgoing messages.
> > >
> > >This worm uses three files to deliver its payload. The file extensions are:
> > >· .hta
> > >· .reg
> > >· .bat
> > >
> > >The message that contains this worm is written in an HTML format that supports scripting. It uses a security hole in Microsoft Outlook and Microsoft Outlook Express that is known as "Scriptlet TypeLib," and it places a shortcut to an .hta file in the StartUp folder. The next time the computer is restarted, the .hta file is run.
> > >
> > >This worm can reinfect your computer if it is displayed in the preview pane of Outlook. This can happen when switching between folders. (This means that a viral file can be created on the system without having to open an attachment.) This can be prevented by applying Microsoft's security update patch. With this update, you are asked whether you want to run the ActiveX control which is marked "safe for scripting." If you have a patched version of Outlook or Outlook Express, this worm will not affect you.
> > >
> > >To obtain the Microsoft patch, go to:
> > >
> > ><http://www.microsoft.com/TechNet/IE/tools/scrpteye.asp>
> > >
> > >Additional information is available at this location. Most users will want to download the Intel version.
> > >
> > >If a system is infected, there will be no real indication of this until the 1st day of any given month. On the first of the month you will see the following message: "Kagou-Anti-Kro$oft says not today!" If you click OK, the computer shuts down. This window returns each time you start Windows.
> > >
> > >NOTE: As noted previously, Wscript.KakWorm is spread as part of an email message--not an attachment. If, however, your email program--or the email server that handles the message--is not set up for or capable of handling HTML encoded messages, the program or server will convert the encoded message to an attachment. This attachment will usually have a name such as Att1.htm. If you open the attachment, it can have the same effect as would receiving the email message with the worm imbedded.
> > >
> > >------------------------------------------------------------------------
> > >
> > >As always, safe computing says you should be very careful about opening attachments.
> > >
> > >Hope this helps.
> > >
> > >Roy s

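The advisory quoted in the post above says KakWorm travels in the HTML body of a message rather than as an attachment, and that a mail path without HTML support delivers the same markup as a file such as Att1.htm. As an added example (not part of the original posts and not Symantec's detection logic), this Python check flags active content in both places; the tag list, `scan_message`, `build` and the sample markup are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
# Constructed sample markup with a harmless placeholder; not taken from the worm.
SAMPLE_HTML = ('<html><body onload="init()">Hi'
               '<script>/* placeholder */</script></body></html>')

class ActiveContentFinder(HTMLParser):
    """Records tags and attributes that can run code when HTML mail is rendered."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # Inline event handlers (onload=, onclick=, ...) execute script too.
        self.hits += [name for name, _ in attrs if name.startswith("on")]
        if tag in ACTIVE_TAGS:
            self.hits.append(tag)

def scan_message(raw):
    """Return (location, filename, hits) for every HTML part with active content."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() != "text/html":
            continue
        finder = ActiveContentFinder()
        finder.feed(part.get_content())
        finder.close()
        if finder.hits:
            # A gateway that cannot carry HTML bodies delivers the same markup as a file.
            location = "attachment" if part.get_filename() else "body"
            findings.append((location, part.get_filename(), finder.hits))
    return findings

def build(html, attach):
    """Constructed test message: HTML as the body, or converted to Att1.htm."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    if attach:
        msg.set_content("see attachment")
        msg.add_attachment(html, subtype="html", filename="Att1.htm")
    else:
        msg.set_content(html, subtype="html")
    return msg.as_string()

if __name__ == "__main__":
    for attach in (False, True):
        print(scan_message(build(SAMPLE_HTML, attach)))
```

A filter that inspects only attachments reports nothing for the first message, which is the case the advisory's NOTE describes.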
Guest guest Posted August 12, 2000

I have a new Dell computer and have run the Norton virus scan (along with the updates) twice; it hasn't found any virus bugs. I don't use Outlook Express to view my PLS-Friends messages, I use Yahoo or view them from eGroup directly. I think the problem comes when you use Outlook Express for your message viewing. Am I correct? Dolores, if you want to call me, I can walk you through running Norton. It was installed on your computer from the factory.

j, Jen, JT, mdmfoo, whatever!

Check out the PLS Awareness website and help raise money for research! http://www.geocities.com/mdmfoo/pls.html

Guest guest Posted August 18, 2000

I use Eudora Light to read email and my Norton's Antivirus detected the KakWorm and wouldn't download the message from my provider. As a result, the message was still in the queue on the mail server and when I tried to resume downloading, NAV would detect it again and stop the download. (Maybe NAV refused to download it because KakWorm is a script rather than a virus. Once before when I got a message with a virus in the attachment, NAV let me download it and then quarantine it.) I then had to go to www.mailstart.com where you enter your ISP name and password and can view, read, delete, etc. mail messages in the queue.

I suspect the reason you didn't have any problems was because you were reading your messages online and not downloading them to your hard disk.

Roy

At 07:12 AM 8/12/00 -0700, you wrote:
> It was installed on your computer from the factory.j
>
> Jen, JT, mdmfoo, whatever! http://www.geocities.com/mdmfoo/pls.html