VIRUS WARNING!!!

Weird Harold

Opinionated Old Fart
Joined
Mar 1, 2000
Posts
23,768
The spam message DCL complained about contains the KAK worm program!

If you have gotten, or see, the message
"From: "cchs" <cchs@cyberway.com.sg> "

DO NOT even read it!

Out of curiosity, I saved it to a text file to see what the Active-X controls it tried to run were. At the very end, I found the scripting for inserting the KAK worm program into your system registry file, and sending out copies via your e-mail address book.

If you have gotten this message, you need to find and remove the *.HTA file it left on your computer and get rid of it to keep it from causing problems.

My daughter's system was infected by this worm program despite real time monitoring by McAfee's virus software. I use PC-Cillin's web trap real time virus protection, and either that or the security settings asked me if I wanted Active-X controls to run, thereby stopping it from running on my system.
 
WH,

We used to use McAfee and switched to Norton (also not perfect but better) when I lost a 27 gig HD to an upper registry virus. I see Kak attached to people's emails at least 2 to 3 times a week. I can't believe the number of folks out there risking their computers because they won't buy a $30 virus protection program. I think that most folks don't appreciate that computers are just like expensive cars, and humans. They need preventative maintenance if you want them to keep working.
 
I have the McAfee anti-virus on our laptop and Norton on our PC but thanks for the warning.
 
What form did you say it was in/tried to execute? Active-X? That would mean my Mac is actually vulnerable this time. :(
 
I too got that e-mail, but only in my hotmail account. I'm very careful not to give out my ISP e-mail addy before I start to trust people that I meet on-line. And since I only access hotmail via my browser, I didn't get that file downloaded to my computer. I just searched it to get it verified.

It is possible to get an anti virus program free on-line. I got the tip from a friend I have in Montana, she had looked into it, and found out it was among the top of the virus protection software.

You can get it here if you feel like it. It also has an easy auto-update download that works great.

http://antivirus.cai.com/
 
I have the McAfee anti-virus & still got the KAK worm. We put the Norton program on & I have no more problems, at least so far. I ran the McAfee every day & still had problems. I got it on my ISP Email & unfortunately sent it to some friends. The Norton seems to be the best, I will never be without it again. Thanks for the warning.
 
Thanks for the warning but it hit me and wiped out two files before I could stop it. I detest this kind of sneaky creepy individual that sends this crap out. Oh well at least Tiger won the PGA.
 
Thanks Harold. I've had no problems. Thank God for Mac, virus protectors and the habit of never opening attachments.
 
Gingersnap said:
Thanks for the warning but it hit me and wiped out two files before I could stop it. I detest this kind of sneaky creepy individual that sends this crap out. Oh well at least Tiger won the PGA.

Sorry to hear that Ginger. :( Are things up and running better now?

Hell yes, go Tiger! What a great playoff!
 
*WHEW*

Great bit of info here, WH.

After reading this thread earlier I got a little nervous about the fact that my computer still had McAfee 97 on it, and I'm pretty sure I hadn't updated it since the day I hooked up the computer (about a year and a half ago, LOL). I've been doing a lot of playing around lately with Napster and Gnutella (I've just gotta go broadband now so I can download 300MB files!!), and I thought I better upgrade my defenses.

So, I zipped over to ZDNet ( http://www.zdnet.com ) and downloaded a 90 day trial version of Norton AntiVirus 2000, installed it, and then went thru the hassle of updating all the virus information. After the LiveUpdate business was done and my computer was restarted one more time, guess what I see on my screen.... WARNING!!! blah, blah, blah..... Turns out that I had the damn KAK Worm (now under quarantine if anyone would like to come and take a look at the little bugger). If I hadn't gone to the trouble of getting the LATEST AV info, I would've never known until it was too late.

Valuable lesson learned... And thanks for the tip, WH.
 
Dude! We get viruses nearly DAILY from someone. Many times they're Word viruses, and my Norton catches 'em & cleans 'em & I email the author to let 'em know they're infectious. I've gotten the KAK before, but I use Eudora, and I guess KAK spreads through Outlook Express so I haven't passed it on to anyone. Once, though, when it "quarantined" the KAK worm, it locked me out of one of my mailboxes. Manu had to read around for hours before we figured out how to free it from the little leech's slimy grip. Viruses and worms suck.
 
Patryn said:
What form did you say it was in/tried to execute? Active-X? That would mean my Mac is actually vulnerable this time. :(

Not unless your Mac has a c:\windows\~~~ directory tree and uses Windows 98 or later.

The KAK "virus" (actually a worm program) inserts itself in the system registry file to run an HTML application (HTA file) every time the computer starts. If the time and date conditions are met, then it shuts the system down. It's more of an annoyance than destructive.
 
For anyone that wants the low down on the KAK worm visit this page. It explains how it runs and how to remove it as well as offering a patch.
http://www.datafellows.com/v-descs/kak.htm

It also lists a lot of the known viruses. Just do me a favour everyone and don't rely on Norton and McAfee too heavily; for every 5 viruses they can detect there are another 3 they can't. Use your common sense when it comes to downloading attachments etc.
Stay safe,
regards,
Jenne
 
I received the "cchs" email at the weekend. I have a very old AppleMac running Outlook Express version 4.0. Does anyone know if the Mac can be infected by the virus? I checked that site, Jenne, but it only mentions Windows 95/98.

If the Mac is infected do you know how to find it and kick its mischievous little ass?
 
Roger Simian said:
I received the "cchs" email at the weekend. I have a very old AppleMac running Outlook Express version 4.0. Does anyone know if the Mac can be infected by the virus? I checked that site, Jenne, but it only mentions Windows 95/98.

If the Mac is infected do you know how to find it and kick its mischievous little ass?

Since the script that tried to execute on my machine specifically looks for a subdirectory of C:\windows and c:\autoexec.bat, it's unlikely to infect any machine that doesn't match that configuration.

If it could infect a Mac, finding the *.HTA file and deleting it would stop the worm from executing, and since its effect on Outlook is to change your signature line, then clearing and re-entering your signature line should keep it from spreading.

One thing for Windows users to consider: Worms and viruses often look for specific default directories. If you have Windows installed to a directory other than C:\windows, and changed the default drive or directory when installing new programs, many viruses can't find the program they are intended to infect (i.e. Outlook Express).

It's not a surefire method to make your systems virus proof, but in combination with virus shielding software, virus detection software, and a decent firewall, it's just another thing you can do to make your computer harder to infect.
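
Added example, not part of the original thread: the posts above describe the worm registering an HTA file in the registry so that it runs at every startup, and recommend finding and deleting that file. This Python sketch scans a registry export (REGEDIT4 text format) for startup entries that launch a .hta file; the sample export, its value names and its paths are constructed for illustration.

```python
import re

# Startup keys Windows processes at boot/logon (Run, RunOnce, RunServices,
# RunServicesOnce); anything relaunched "every time the computer starts"
# has to be registered under one of them.
AUTOSTART_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(services)?(once)?$", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export; none of these entries come from a real infection.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"example1"="C:\\WINDOWS\\SYSTEM\\EXAMPLE.HTA"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Updater"="\"C:\\Program Files\\Tool\\upd.exe\" /q"

[HKEY_CURRENT_USER\Software\Example\Recent]
"LastFile"="C:\\DOCS\\HELP.HTA"
"""

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def find_hta_autostarts(reg_text):
    """Return (key, value_name, command) for startup entries launching a .hta file."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not AUTOSTART_RE.search(key):
            continue                  # not a value line, or not under a startup key
        name, data = m.group(1), m.group(2)
        if len(data) < 2 or not (data.startswith('"') and data.endswith('"')):
            continue                  # only plain string values hold a command line
        command = unescape(data[1:-1])
        if re.search(r"\.hta\b", command, re.I):
            hits.append((key, unescape(name.strip('"')), command))
    return hits

if __name__ == "__main__":
    for key, name, command in find_hta_autostarts(SAMPLE_EXPORT):
        print(f"review: [{key}] {name} -> {command}")
```

Only the entry under the Run key is reported; the .HTA path under the unrelated Recent key is ignored because it is not a startup location.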
 