You sent this message in rtf format -

-tony gades



-----Original Message-----
From: Wes Neuenschwander [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2000 09:26
To: [EMAIL PROTECTED]; bhtrading
Subject: Re: Viruses on the List (How to Fix)


Bill and all others who might be interested:

Following is a copy of my earlier post on the VBS_KakWorm.A-M virus that has
affected some of the list members' PCs.

Much of the information in this post was taken from the Trend Micro site - a
great reference site for all PC viruses, as well as a source for a free
online virus checker. You can check out the virus information at the Trend
Micro site at:

http://www.antivirus.com/vinfo/

The Trend Micro online virus checker (called Housecall) is available at:

http://housecall.antivirus.com/housecall/start_corp.asp

Following the repost of my original message below I have also included the
complete set of instructions from the Trend Micro site for ridding your PC
of the VBS_KakWorm.A-M virus. THIS PROCEDURE IS NOT FOR THE FAINT OF HEART
OR FOR THE INEXPERIENCED. Please read the cautionary note carefully before
using this procedure!

REPOST OF ORIGINAL MESSAGE ON THE VBS_KakWorm.A-M virus:
_______________

From: Wes Neuenschwander <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Viruses on the List
Date sent: Fri, 26 May 2000 08:33:38 -8

Follow-up to my previous post:

I have some additional information on the virus that has been reported to
have been transmitted from email from the list.

The virus name is VBS_KakWorm.A-M. It works by inserting itself into the
message body (or, in one variant, the signature line) of messages sent from
Outlook Express. It is activated simply by VIEWING THE MESSAGE IN THE
PREVIEW PANE OF OUTLOOK EXPRESS. Please note the last two items carefully:
This virus DOES NOT REQUIRE AN EMAIL ATTACHMENT TO PROPAGATE and DOES NOT
REQUIRE YOU TO DO ANYTHING OTHER THAN LOOK AT THE MESSAGE TO INFECT YOUR
COMPUTER! As such, this is a particularly insidious virus which has the
potential to spread rapidly, especially through an email list.

More information on this (and other) viruses is available at:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_KAKWORM.A-M

(You may have to re-enter the name VBS_KAKWORM.A-M in the Search Again box)

Fortunately, it's not particularly destructive, mainly just annoying
(displaying messages and possibly shutting down your computer).
Nevertheless, it's incumbent on all of us to take the time to implement
precautions to ensure that we don't continue propagating this virus!

What you can do:

1) Install and regularly run an effective virus checking program. McAfee,
Norton and several other companies provide good virus protection software at
a reasonable price. Be sure you regularly update the "virus definition
files" to ensure your software can recognize and deal with the most recent
versions of these "computer plagues".

Alternatively, use one of the free online virus scanning programs, such as
Housecall from Trend Micro (http://housecall.antivirus.com/).

2) Get the latest updates for your Outlook Express (or Outlook) and Internet
Explorer programs. Microsoft regularly issues updates for these (and other)
products designed to prevent viruses and other security problems from
spreading. Just click on the Help button and select Online Support to go to
the Microsoft updates page(s) on the web. Or - better yet - install and use
Live Update (if you have this feature available) to be informed
automatically of security fixes and other updates for your MS products.

3) Send all messages using the Plain Text mode rather than Rich Text or HTML
or other format embedded modes. This particular virus (and others like it)
exploit the built-in programming capabilities of the HTML scripting language
in Outlook. Sending your messages using Plain Text mode will prevent the
spread of these types of viruses. (It will not prevent the spread of viruses
included in attachments though; you will need to continue to use common
sense and not run attachments of uncertain pedigree sent via email.)

To send an email message as plain text, just click on the Format button on
the message toolbar and select Plain Text.

To configure Outlook Express to send emails as plain text by default, go to
the Outlook Express toolbar and select Tools/Options/Send and select Plain
Text under the Mail Sending Format section.

As I've said before, Rich Text/HTML messages are not appropriate for the
list in any case, since not all email clients can read them properly. Couple
that with the substantial - and growing - risk of spreading destructive
viruses via HTML and Rich Text/HTML mode becomes downright unsociable.
Expect to get a little "reminder" email from me if we continue to see HTML
postings to the list!

And please, continue to email me directly (including a copy of the offending
email) if you receive suspect email from the list. Please be sure to include
all the original email header information (original poster, date/time, etc.)
to assist in tracking the source.

My email address is: [EMAIL PROTECTED]

Be sure to clearly identify the email as being Waflyfishers List Virus
Related Email, so I don't accidentally infect my PC while trying to address
the problem!

Many thanks to list member Bill Brown (and others) for providing much of the
information above. And special thanks to Jim Medick for first bringing this
problem to my attention several weeks ago. I'm sorry Jim that I didn't have
enough information at that time to pursue it further.

It's now up to us to clean up our machines and email practices and help
stave off this growing - and potentially very destructive - problem.

-Wes

_______________

END OF REPOST OF ORIGINAL MESSAGE ON THE VBS_KakWorm.A-M virus

**************

TREND MICRO PROCEDURE FOR ELIMINATING THE VBS_KakWorm.A-M VIRUS:

Following is the procedure recommended by the Trend Micro site for ridding
your PC of the VBS_KakWorm.A-M virus. (Note: These procedures should only be
attempted by someone familiar with the workings of the Windows operating
system and comfortable with the prospect of editing these critical Windows
systems files. If you are not comfortable with the procedures described
below - DON'T DO IT! Get someone competent to assist you in making these
changes. FAILURE TO FOLLOW THESE INSTRUCTIONS CAREFULLY MAY RENDER YOUR
COMPUTER INOPERABLE!!!)

Once Infected DO NOT REBOOT or re-log your computer.

Please delete the following:

1. The lines in your Autoexec.bat

   @echo off>C:\Windows\STARTM~1\Programs\StartUp\kak.hta
   del C:\Windows\STARTM~1\Programs\StartUp\kak.hta

2. In the following folders

   C:\Windows\START MENU\Programs\StartUp\kak.hta
   C:\WINDOWS\KAK.HTA

3. In your Registry

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Run\cAg0u = C:\WINDOWS\SYSTEM\.hta
   HKEY_CURRENT_USER\Identities\<USER'S identity>\Software\Microsoft\Outlook Express\5.0\signatures\Default Signature = 00000000



Wes Neuenschwander Seattle, WA [EMAIL PROTECTED]
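
Added example, not part of the original posts: a list-side check for the "plain text only" rule described in item 3 above, reporting whether a raw message is plain text and which tags or attributes in an HTML part could run script when rendered. The function names, the tag list and both sample messages are constructed for illustration.

```python
# Added example (not from the original post): audit a raw message for HTML/script content.
from email import message_from_string
from html.parser import HTMLParser

# Assumption: tags treated as "active content" for this check.
ACTIVE_TAGS = {"script", "object", "applet", "embed", "iframe"}

class ActiveContentFinder(HTMLParser):
    """Collects tags and attributes that can run code when HTML mail is rendered."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        for name, _ in attrs:
            if name.startswith("on"):  # inline event handlers such as onload
                self.findings.append(f"{tag}[{name}]")

def audit_message(raw):
    """Return (is_plain_text_only, findings) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    plain_only, findings = True, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype == "text/plain" and part.get_filename() is None:
            continue  # ordinary plain-text body: nothing to render or execute
        plain_only = False
        if ctype == "text/html":
            payload = part.get_payload(decode=True) or b""
            finder = ActiveContentFinder()
            # latin-1 never fails to decode; tag names are ASCII anyway
            finder.feed(payload.decode("latin-1"))
            findings.extend(finder.findings)
        else:
            findings.append(f"non-text part: {ctype}")
    return plain_only, findings

# Constructed sample messages (harmless placeholder script body).
PLAIN = "Subject: Hatch report\n\nFishing was good.\n"
HTML = ("Subject: Hatch report\nContent-Type: text/html\n\n"
        '<html><body onload="x()">Hi<script>/* placeholder */</script></body></html>\n')

if __name__ == "__main__":
    for label, raw in (("plain", PLAIN), ("html", HTML)):
        print(label, audit_message(raw))
```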
