Re: Viruses on the List (How to Fix)

[Wes Neuenschwander]

Bill and all others who might be interested:

Following is a copy of my earlier post on the VBS_KakWorm.A-M virus{HYPERLINK "glossary.asp" \l "solution"} that has affected some of the listmember's PC's.

Much of the information in this post was taken from the Trend Micro site - a great reference site for all PC viruses, as well as a source for a free online virus checker. You can check out the virus information at the Trend Micro site at:

http://www.antivirus.com/vinfo/

The Trend Micro online virus checker (called Housecall) is available at:

http://housecall.antivirus.com/housecall/start_corp.asp

Following the repost of my original message below I have also included the complete set of instructions from the Trend Micro site for ridding your PC of the VBS_KakWorm.A-M virus{HYPERLINK "glossary.asp" \l "solution"}. THIS PROCEDURE IS NOT FOR THE FAINT OF HEART OR FOR THE INEXPERIENCED. Please read the cautionary note carefully before using this procedure!

REPOST OF ORIGINAL MESSAGE ON THE VBS_KakWorm.A-M virus{HYPERLINK "glossary.asp" \l "solution"}:
_______________

From: Wes Neuenschwander <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Viruses on the List
Date sent: Fri, 26 May 2000 08:33:38 -8

to my previous post:

I have some additional information on the virus that has been reported to have been transmitted from email from the list.

The virus name is VBS_KakWorm.A-M. It works by inserting itself into the message body (or, in one variant, the signature line) of messages sent from Outlook Express. It is activated simply by VIEWING THE MESSAGE IN THE PREVIEW PANE OF OUTLOOK EXPRESS. Please note the last two items carefully: This virus DOES NOT REQUIRE AN EMAIL ATTACHMENT TO PROPAGATE and DOES NOT REQUIRE YOU TO DO ANYTHING OTHER THAN LOOK AT THE MESSAGE TO INFECT YOUR COMPUTER! As such, this is a particularly insidious virus which has the potential to spread rapidly, especially through an email list.

More information on this (and other) viruses is available at:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_KAKWO RM.A-M

(You may have to re-enter the name VBS_KAKWORM.A-M in the Search Again box)

Fortunately, it's not particularly destructive, mainly just annoying (displaying messages and possibly shutting down your computer). Nevertheless, it's imcumbent on all of us to take the time to implement precautions to insure that we don't continue propogating this virus!

What you can do:

1) Install and regularly run an effective virus checking program. McAfee, Norton and several other companies provide good virus protection software at a reasonable price. Be sure you regularly update the "virus definition files" to ensure your software can recognize and deal with the most recent versions of these "computer plagues".

Alternatively, use one of the free online virus scanning programs, such as Housecall from Trend Micro (http://housecall.antivirus.com/).

2) Get the latest updates for your Outlook Express (or Outlook) and Internet Explorer programs. Microsoft regularly issues updates for these (and other) products designed to prevent viruses and other security problems from spreading. Just click on the Help button and select Online Support to go to the Microsoft updates page(s) on the web. Or - better yet - install and use Live Update (if you have this feature available) to be informed automatically of security fixes and other updates for your MS products.

3) Send all messages using the Plain Text mode rather than Rich Text or HTML or other format embedded modes. This particular virus (and others like it) exploit the built-in programming capabilities of the HTML scripting language in Outlook. Sending your messages using Plain Text mode will prevent the spread of these types of viruses. (It will not prevent the spread of viruses included in attachments though; you will need to continue to use common sense and not run attachments of uncertain pedigree sent via email.)

To send an email message as plain text, just click on the Format button on the message toolbar and select Plain Text.

To configure Outlook Express to send emails as plain text by default, go to the Outlook Express toolbar and select Tools/Options/Send and select Plain Text under the Mail Sending Format section.

As I've said before, Rich Text/HTML messages are not appropriate for the list in any case, since not all email clients can read them properly. Couple that with the substantial - and growing - risk of spreading destructive viruses via HTML and Rich Text/HTML mode becomes downright unsociable. Expect to get a little "reminder" email from me if we continue to see HTML postings to the list!

And please, continue to email me directly (including a copy of the offending email) if you receive suspect email from the list. Please be sure to include all the original email header information (original poster, date/time, etc.) to assist in tracking the source.

My email address is: [EMAIL PROTECTED]

Be sure to clearly identify the email as being Waflyfishers List Virus Related Email, so I don't accidentally infect my PC while trying to address the problem!

Many thanks to list member Bill Brown (and others) for providing much of the information above. And special thanks to Jim Medick for first bringing this problem to my attention several weeks ago. I'm sorry Jim that I didn't have enough information at that time to pursue it further.

It's now up to us to clean up our machines and email practices and help stave off this growing - and potentially very destructive - problem.

-Wes

_______________

END OF REPOST OF ORIGINAL MESSAGE ON THE VBS_KakWorm.A-M virus{HYPERLINK "glossary.asp" \l "solution"}

**************

TREND MICRO PROCEDURE FOR ELIMINATING THE VBS_KakWorm.A-M VIRUS:
Following is the procedure recomended by the Trend Micro site for ridding your PC of the VBS_KakWorm.A-M virus. (Note: These procedures should only be attempted by someone familiar with the workings of the Windows operating system and comfortable with the prospect of editing these critical Windows systems files. If you are not comfortable with the procedures described below - DON'T DO IT! Get someone competent to assist you in making these changes. FAILURE TO FOLLOW THESE INSTRUCTIONS CAREFULLY MAY RENDER YOUR COMPUTER INOPERABLE!!!)
Once Infected DO NOT REBOOT or re-log your computer.
Please delete the following:

1. The lines in your Autoexec.bat  @echo off>C:\Windows\STARTM~1\Programs\StartUp\ kak.hta del C:\Windows\STARTM~1\Programs\StartUp\kak.hta

2. In the following folders C:\Windows\START MENU\Programs\StartUp\kak.hta C:\WINDOWS\KAK.HTA

3. In your Registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ Currentversion\Run\cAg0u = C:\WINDOWS\SYSTEM\.hta HKEY_CURRENT _USER\Identities\<USER�S identity\Software\Microsoft\Outlook Express\5.0\ signatures\Default Signature = 00000000

Wes Neuenschwander Seattle, WA [EMAIL PROTECTED]