posted on October 10, 2000 01:55:08 PM new
I was just surfing for yet another Anti Virus program, as I am so disenchanted with Norton, when I came across this Free AntiKak.exe Download. To those who already have this download, my apology for the duplicate.
********************************************
KAK.WORM.B
Name:
Kak.Worm.B
Type:
Worm
Repairable:
Yes
Activation Condition:
On the 11th day of any month, after 17:00 hours.
Seen "In The Wild":
No
Characteristics
This worm is created in VBS (Visual Basic Script). It uses a security hole in Outlook Express. This worm attaches itself to all outgoing messages through the automatic signature in Outlook Express. This security hole permits the creation of a file on the system without having to run any attachments. Kak.Worm.B uses Outlook Express because it can run HTML code through the message preview feature that this program incorporates.
The worm attaches itself to all e-mail messages through the automatic signature in Outlook Express. A patch is available from Microsoft website, so users that updated this application will not be affected. The worm can reach computers in the form of an automatic signature contained in e-mail messages. These automatic signatures contain HTML code, which is invisible to users. When users open the message or preview, the HTML code is run.
If the system date stamp reads the 11th day of any month and the time value of the internal clock is 17:00 hours or later it displays the following message: Days It was a day to be a days! And proceeds to reboot the computer.
Means of Propagation
Kak.Worm.B reaches the systems in the form of HTML code contained in the automatic signature of e-mail messages. Anyway, the worm will only carry out actions when the French or English versions of Windows are installed.
Symptoms of Infection
If the system date stamp reads the 11th day of any month and the time value of the internal clock is 17:00 hours or later it displays the following message: Days It was a day to be a days!. Then, it proceeds to reboot the computer carrying out certain changes in the system.
Means of Infection
When the system is rebooted, Kak.Worm.B creates two files under the names of DAY.REG (in the C:\WINDOWS directory) and DEFAULT.HTM (in the C:\WINDOWS\COMMAND folder). The former maker certain changes to the Windows Registry.
********************************************
The URL for Panda Software is http://www.pandasoftware.com/...Looking at the right-hand side of the page, under Virus Alert is the Free AntiKak Download. I have no idea if it is compatible with Symantec or other Anti Virus programs, so best to check with Panda before installing.
posted on October 10, 2000 02:03:00 PM new
Thanks for the update. Just yesterday I received a KAK infected email from a buyer. I get a KAK infected email about once every week or so.
posted on October 10, 2000 02:56:03 PM new
Not good... Fortunately, I never did get it. Do you have the M.S Patch for Outlook Express? It prevents the KAK from entering your Email Program
There I was able to download a KAK cleaner. After cleaning the KAK worm from my system it directed me to microsoft.com where I downloaded the eyedog patch.
One of the posters suggested to download InnoculateIT, which is a free antivirus program. I did and it works great. Every now and then I update it.
Also from these posts I learned how to set my Active X controls on my control panel, so I can see the warnings on incoming infected email.
Whenever someone sends me infected email, I direct them back here to the appropriate posts. They are usually very grateful. Sometimes they won't fess up and won't admit they have a virus.
Anyway, the KAK was a PITA to get rid of, and I couldn't have cleaned up my computer without the posts here. Thanks shosh, and everyone else!
posted on October 10, 2000 03:31:10 PM new
Glad it all worked out...Sorry, I did not realize you were all protected...Good for you...
I just spent a lot of time reading about various Anti Viral software. First, I thought I would go with In Defense, but have decided not to, as it is more sophisticated, and after talking to very nice people, I found it to be a little intimidating. Then, there were other great ones, but with Support OUT OF THE COUNTRY...Not!
So, I have opted for Panda, which gets super reviews from Tucows, ZDnet and Cnet.
And they have a Tech Support (phone ) right in San Francisco. And it is on special (27.99 + shipping) instead of 59.00, from http://www.10wizard.com/go.shtml?sq=Panda
******************** Shosh
posted on October 10, 2000 07:08:05 PM newglassperson...Hi there...(waving wildly..)
You know, I lost your Email addy, as well as my entire hard drive...last year. Email me sometime, so I can enter it in my new book...Hope all is well with you and yours...
See, I can't stop helping...it must be in my blood, or something...
Fortunately, I never did get it. Do you have the M.S Patch for Outlook Express? It prevents the KAK from entering your Email Program
...
