virus

[Guest guest]

---Just to let you know that the KakWorm is from script not

attachments.Also Dorothy, I would get ahold of Dell and they should

tell you what to do since you just got your computer from them.We got

the virus awhile ago and got nortons to tell us how to get rid of it,

but you really have to know alot about the computer and it wasn't

easy, but we did it. It is also tricky going into the bowels of your

computer like that. Carolyn In PLS-FRIENDSegroups, " Roy A.

s " <royjacobs@d...> wrote:

> I sent the message below a while back ... but the KakWorm is still

> circulating.

>

> Roy

>

> >Yes, so far I've gotten three or four messages that Norton

Antivirus has

> said are infected with

> >

> > WScript.KakWorm

> >

> >Ya'll might want to delete any attachments when you do a " reply " .

> >

> >Also, if you have an anti-virus program, make sure you have the

latest

> definitions and then do a complete disk scan.

> >

> >I visited the Symantec website (makers of Norton Antivirus) and

you can

> get complete information including how fix things at

> >

>

><http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000020318071406 &

src=hot>

> >

> >Some of the information is

> >

> >-------------------------------------------------------------------

-----

> >

> >At this time, the following information is known about the

> Wscript.KakWorm:Detected as Wscript.KakWorm

> >Aliases VBS.Kak.Worm, Kagou-Anti-Krosoft

> >Infection Length 4116 bytes

> >Likelihood Common

> >Trigger Dates 1st of any month at 5 p.m.

> >Detected on December 27, 1999

> >One indication of this worm--though it does not occur on all

systems--is

> the message " Driver or memory error " that appears briefly as Windows

> starts.WARNING: This worm takes advantage of a known Microsoft

Outlook

> Express security hole. Microsoft has a patch for this security hole

and has

> made it available at the following link.

> >

> ><http://www.microsoft.com/TechNet/IE/tools/scrpteye.asp>

> >

> >Description

> >

> >VBS.KakWorm is a worm. It spreads using Microsoft Outlook Express.

The

> worm attaches itself to all outgoing messages using the Signature

feature

> of Outlook Express. Signatures enable you to automatically append

> information at the end of all outgoing messages.This worm uses

three files

> to deliver its payload. The file extensions are:

> >· .hta

> >· .reg

> >· .bat

> >The message that contains this worm is written in an HTML format

that

> supports scripting. It uses a security hole in Microsoft Outlook and

> Microsoft Outlook Express that is known as " Scriptlet TypeLib, " and

it

> places a shortcut to an .hta file in the StartUp folder. The next

time the

> computer is restarted, the .hta file is run.This worm can reinfect

your

> computer if it is displayed in the preview pane of Outlook. This

can happen

> when switching between folders. (This means that a viral file can be

> created on the system without having to open an attachment.) This

can be

> prevented by applying Microsoft's security update patch. With this

update,

> you are asked whether you want to run the ActiveX control which is

marked

> " safe for scripting. " If you have a patched version of Outlook or

Outlook

> Express, this worm will not affect you.To obtain the Microsoft

patch, go to:

> >

> ><http://www.microsoft.com/TechNet/IE/tools/scrpteye.asp>

> >

> >Additional information is available at this location. Most users

will want

> to download the Intel version.If a system is infected, there will

be no

> real indication of this until the 1st day of any given month. On

the first

> of the month you will see the following message: " Kagou-Anti-Kro$oft

says

> not today! " If you click OK, the computer shuts down. This window

returns

> each time you start Windows.NOTE: As noted previously,

Wscript.KakWorm is

> spread as part of an email message--not an attachment. If, however,

your

> email program--or the email server that handles the message--is not

set up

> for or capable of handling HTML encoded messages, the program or

server

> will convert the encoded message to an attachment. This attachment

will

> usually have a name such as Att1.htm. If you open the attachment,

it can

> have the same effect as would receiving the email message with the

worm

> imbedded.

> >

> >-------------------------------------------------------------------

-----

> >

> >As always, safe computing says you should be very careful about

opening

> attachments.

> >

> >Hope this helps.

> >

> >Roy s

[Guest guest]

It's good to know how to get rid of the virus. But it's better not to get

one. I recommend that people be very careful about forwarding to the group

multi-forwarded messages that they aren't sure of the source. In e-mail, as

in other facets of life, safe is better than sorry.

Re: Fw: Virus

> For those of you concerned with the Wscript.Kak.Worm virus, these 2 sites

> can help. The first is MCAfee's definition and explanation. The second

is

> Sematek (spelling?) and how to get the thing out of your computer. If you

> worry about having the virus you can get the names of the files from the

> second then use " find " and look for the files. If you don't find any- you

> don't have it- if you do you know how to disinfect. Happy computing.

Lavon

>

> http://vil.nai.com/villib/dispVirus.asp?virus_k=10509At

>

> http://www.symantec.com/avcenter/venc/data/happy99.worm.html07:

>

>

>

>

>

>

[Guest guest]

Funny that there should be a virus hoax going around, because today I

received an e-mail from " Hahaha " -subject " The Seven Dwarfs--the Real Story "

.. When I clicked on the attachment, my computer told me that it was

infected with a virus that my PC could not " fix " and " did I want it to be

quarantined " ? Several hours later, I had a similar e-mail, so I did not

open the attachment, I just deleted the message.

Dolores