daneta99
|
posted on October 6, 2000 08:21:24 AM new
I logged on to my email to find an email coming from [email protected] with the kak.worm in it.
I KNEW it was NOT from ebay right away and had no intention of even reading it but by the time I highlighted it to delete it my virus scan went nuts and warned me about the kak worm.
I deleted the virus, my outlook program was shut down and i had to reboot in order to be able to read the rest of my emails.
I am almost sure these emails are coming from the same person calling himself MR PRIVACY...the one spamming and filling some of our email boxes with anti-ebay information about how he was "banned from Ebay".
Sounds familiar?
I have been getting these unwanted emails EVEN when I keep deleting this user/users and blocking their address from my email account.
I have forward ebay/safe harbor the emails for them to look at but they keep coming and Ebayapparently has no clueas to how ot handle thissort of spam because they can't link it to a registered member.
I have tried emailing these nuts back and telling them to stop their emails, advisingthem of how i am blocking them. However, the replies keep getting bounced back to my box as user unknown.
Has anyone else gotten any of these emails?
Is there any way to battle these Anti-Ebay spammers?
Once u deleted the kak worm...is your computer safe? Is there anything else I can/have/need/should do to protect myself and my computer from incidents such as this? Please help.
Thanks in advance!
D
|
daneta99
|
posted on October 6, 2000 09:34:51 AM new
.
|
Valleygirl
|
posted on October 6, 2000 09:39:06 AM new
I got the email also, but no virus attached. I updated my innoculate this week and ran a search just in case. Maybe I got mine first, then someone emailed him the virus and then you got hit.
Not my name on ebay.
|
ehansen
|
posted on October 6, 2000 09:42:32 AM new
"Once u deleted the kak worm...is your computer safe? Is there anything else I can/have/need/should do to protect myself and my computer from incidents such as this? Please help."
Hi There:
I've been "Kak'd" three times. Finally got the fix for it. Microsoft has info and links to a patch at his url:
http://www.microsoft.com/technet/security/virus/kakworm.asp
Once you apply the fix you can't get the kak worm again.
as far as spammers, I've not found any way to to stop them. My first job in the morning is to delete a bunch of unwelcome email. It's annoying but I figure it's going to keep on coming no matter what I do.
|
daneta99
|
posted on October 6, 2000 09:47:45 AM new
Thanks valleygirl and ehansen for info and links...
I will go to get my patch right now. Wish me luck! 
D
|
breinhold
|
posted on October 6, 2000 11:02:37 AM new
be careful
i have had the kak a few times and when you delete it you must not let it sit in the trash. you have to really delete it.
i once got it from a mac user who did not get it but was a carrier. it effects microsoft not mac. mac users are just carriers.
if you use outlook and you delete it from your mail you must go into your deleted mail and delete it again. i have the patch and still norton found a kak in my system.
delete it from quarentine also
and sometimes they come in pairs
one for you to find and another that hides , so keep running your antivirus program untill you are sure.
yesterday i received mail that i am sure was no good. it had only an attachment and nothing telling me what it was. the only way to tell would be to open it. do i deleted it.
and always beware anything that has been forwarded.
also
i got a kak months ago that had no attacthment for me to open. so if someone has it and sends you mail even without an attachment you can get it.
make sure your virus protection is updated or you could have something and not know it because your program isnt looking for it.
|
Empires
|
posted on October 6, 2000 11:34:56 AM new
I had it sent to me also this week. I flipped it back to ebay safeharbor. I originally listed the topic under fraud-buyer beware on AW, Joice pulled it. I knew the email stunk.
No problem here so far. I use Netscape and update Norton weekly. Mr. Privacy needs to be exposed.
[ edited by Empires on Oct 6, 2000 11:35 AM ]
|
outoftheblue
|
posted on October 6, 2000 11:53:17 AM new
The Microsoft patch that ehansen mentioned is by far better than many anti-virus programs because the virus does not infect your system, you are alerted to its presence and you can still read the email containing the virus.
|
outoftheblue
|
posted on October 6, 2000 12:02:30 PM new
breinhold
"i once got it from a mac user who did not get it but was a carrier. it effects microsoft not mac. mac users are just carriers."
How is this possible? In order for the virus to replicate itself it must be activated. It is passed from user to user using the autosignature feature of Outlook and Outlook Express.
Please correct me if I am wrong but I believe that if your system is immune you can't pass it to others without forwarding the infected email.
|
Shoshanah
|
posted on October 6, 2000 12:35:12 PM new
After installing the MS Security Patch, turn off ActiveX(from your Internet OPTIONS), and read this http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000020318071406...
Also, disable your Windows Scripting
Host from Start...>Settings...>Control Panel...>Add/Remove...>WINDOWS SET UP....>ACCESSORIES...>Windows Scripting Host.
Don't un-install it..Just DISABLE it, by removing the Check Mark in front of it.
And run a Live Update from whichever Anti Virus program you have. I do mine weekly, I also run a full scan everyday, at start-up.
********************
Shosh
http://members.ebay.com/aboutme/rifkah/
[ edited by Shoshanah on Oct 6, 2000 12:38 PM ]
|
breinhold
|
posted on October 6, 2000 12:45:44 PM new
when i had it the first time i freaked and read everything i could and what i found out was the kak like most virus are designed to hit microsoft because of the number of users.
im no expert but it makes sense to me that if something is made to work with windows it wont work on mac. there are sites on this issue but i havent used them since. and im sure you will find something that supports what i said. macs numbers are smaller so the creeps that make viruses try to take down the most people that they can. that is microsoft users. trust me i wouldnt make something like that up.
if you know a mac person ask them
maybe they will tell you the same
|
Shoshanah
|
posted on October 6, 2000 01:05:15 PM new
daneta99 It would appear that it is not a good idea to reply to these emails, as this is the sender's way to find out if you are receiving it or not. Then, when sender is sure, he/she can share your addy with other nuts, ad nauseum....
Also, have you checked the full headers of the Email?
I also wonder if SpamCop might accept it, and report this abuse to sender's ISP..
http://spamcop.net/
********************
Shosh
http://members.ebay.com/aboutme/rifkah/
|
daneta99
|
posted on October 6, 2000 01:21:38 PM new
the only reason why i replied was because ebay told me i needed to supply them with the email of the abuser...the fact that the emails retunrned as no such address found or no user found means they r making every attempt to be untraceable.
once i realized the first 2 emails returned to sender i did not reply but bloicked everything else time after time...
|
daneta99
|
posted on October 6, 2000 01:23:13 PM new
question:
Where can i click on AW to cancel my account?
|
Shoshanah
|
posted on October 6, 2000 01:30:29 PM new
Don't go... Try sending the info to SpamCop first...
I believe you have to go to Contact Us and request to terminate your account.
http://www.auctionwatch.com/contactus.html
********************
Shosh
http://members.ebay.com/aboutme/rifkah/
|
daneta99
|
posted on October 6, 2000 01:37:51 PM new
Thanks but i must. I am fed up with the moderators double standards on the boards
Adieu mom amie!
Be well...
|
Shoshanah
|
posted on October 6, 2000 02:17:51 PM new
Daniela saying "GoodBye" to Daneta So sorry! 
Adieu, ma petite amie....
********************
Shosh
http://members.ebay.com/aboutme/rifkah/
[ edited by Shoshanah on Oct 6, 2000 02:26 PM ]
|
buyhigh
|
posted on October 6, 2000 02:34:07 PM new
Any easy way of locating this MS patch directly. I used excite and typed in the URL. Got 65,400 sites. Tried kakworm in advanced search-no results.
buyhigh
|
Shoshanah
|
posted on October 6, 2000 02:46:24 PM new
Patch Availability
The vulnerability can be eliminated by taking any of the following actions:
Installing the patch available at http://www.microsoft.com/windows/ie/download/critical/patch9.htm
MS site: http://www.microsoft.com/technet/security/bulletin/MS00-043.asp
********************
Shosh
http://members.ebay.com/aboutme/rifkah/
|
buyhigh
|
posted on October 6, 2000 03:07:41 PM new
Shoshanah - Thanks for your help. Downloaded from the link on the first of your suggestions. When it got to the security patch download, window popped up stating it was not needed. Could my ISP be taking care of this for us?
buyhigh
|
pigsfly2
|
posted on October 6, 2000 04:39:58 PM new
I just went through this last week. The message does not necessarily mean you are safe. You need to install the IE 5.01 service pack BEFORE you install the patch. If you read all the fine print it says that you will receive that message in error if you are running IE 5.0 or lower.
The KAK virus also has a couple of variant versions running around. Depending on which one you've got, there are different steps to take to get rid of it. Symantec's website has a ton of information about it - just be sure to read it ALL. I didn't - so it took me a lot longer to get rid of it.
|
buyhigh
|
posted on October 6, 2000 05:31:45 PM new
OK. I am still running IE 4.01 which I am very happy with and do not wish to change until it no longer will be supported. Have had no glitches or problems. I did download Outlet Express 5.01 however. Any chance the virus has been directed against IE 5 users?
buyhigh
|
Shoshanah
|
posted on October 6, 2000 06:00:49 PM new
I don't know about that. I got the patch last year, while still running IE5.0.
Did you go to the Symantec and read about the KAK and how to remove it? Be very careful, as the registry has to be cleaned up..Go very slowly; you don't want to mess up the Reg.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000020318071406
You say you are comfortable with IE4.01; however, there are many cases where a page will not display, because it requires IE5.0 at least. So, if you wonder why you cannot see certain pages...that's it..
********************
Shosh
http://members.ebay.com/aboutme/rifkah/
|
buyhigh
|
posted on October 6, 2000 06:43:29 PM new
Heve never had the problem of a page not displaying using IE4.01. Perhaps I am not searching areas where that will occur. Have not had to get rid of any virus so have not gotten into how to remove it from Symantec. Have an early Norton Anti Virus program where apparently I do not have to buy yearly updates Sometime after I purchased and installed it, they probably figured they were losing money and dicontinued this feature. I still use windows 95. Don't laugh. I now have to download any virus protection updates and install manually which before was automatic which is the only change.
buyhigh
|
Shoshanah
|
posted on October 6, 2000 07:02:13 PM new
Well, consider yourself lucky...Symantec has really put users in a jam...First, the Live Update is no longer Live...it crocked about July....Never got fixed, so everyone has to do manual downloads... Then, they pretend to give a fix by telling users to DELETE the Live Update Installer folder... and download and install the NEW version of it. At that point, we all get an Error9...To top it all, this is what I read a few hours ago:
********************************************
NOTE: The section "To delete the Liveupdate download folder" in the
following document instructs you to delete the DOWNLOADS folder.
====Please do not delete the DOWNLOADS folder. Instead delete the contents
of the DOWNLOADS folder, leaving the folder itself in place.====
Title: 'LiveUpdate continues to display and download the same virus
definitions update'
Document ID: 2000090611151813
Web URL:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2000090611151813&s
rc=w
********************************************
No wonder we all get Error9...we deleted the entire folder,as instructed...
I was basically told that if I am not happy with Symantec, I could go somewhere else....
Love that Customer Service....And you have to pay 29.00 to be insulted on the phone...
********************
Shosh
http://members.ebay.com/aboutme/rifkah/
[ edited by Shoshanah on Oct 6, 2000 07:06 PM ]
|
mzalez
|
posted on October 6, 2000 11:24:09 PM new
At least once every other week I get a KAK infected email from a buyer...that bugger is hard to get rid of, eh?
|
