 |
 |
Hello Folks, I was sent a kak worm virus through the physio mailbase. I received the attached information from my (trustworthy) virus detector company, AVP. He said that it is impossible to get rid of it just by deleting even with virus detectors. He advises this message be sent to all in your address book. See below Cheers, Anna. Anna Lee Principal, Work Ready - Industrial Athlete Centre Physiotherapist and Occupational Health Consultant Write to me at [log in to unmask] Visit me at www.workready.com.au Snail mail: Suite 3, 82 Enmore Road, Newtown NSW 2042 Australia Tel: (02) 9519 7436 Mob: 0412 33 43 98 Fax: (02) 9519 7439 ----- Original Message ----- From: "AVP Australia" <[log in to unmask]> To: <[log in to unmask]> Sent: Wednesday, 3 May 2000 19:43 Subject: KAK WORM REMOVAL AND IMMUNIZATION > > KAK WORM REMOVAL AND IMMUNIZATION > > The Kak worm exploits a security hole in Microsoft Outlook Express. > While this hole is open, Kak will keep on re-infecting your PC faster > than you can disinfect it. Follow the steps below to eradicate Kak. > (Note that these steps MUST be taken in the correct order!) > > 1. Close down all applications, including any in the system tray. Start > the applications below ONLY to perform the appropriate configuration > changes, then exit the application. > > 2. Make sure the Restricted Sites security has ALL ActiveX support > disabled. Do this on the Tools/Internet Options Security tab in > Internet Explorer, or the Security tab of the Internet Options control > panel. (If you don't know how to do this, just select the Restricted > Sites Zone and click the "Default Level" button to reset the defaults > for that Zone.) > > 3. Set Outlook Express so that Email is in the Restricted Sites Zone. > This is on the Security tab under Tools/Options. > > 4. Delete the Signature definition in Outlook Express for each user > identity. (If you don't know what this means, you probably have > only a single identity, so you will only need to do it once). The > settings are on the Signatures tab under Tools/Options. > > 5. Delete the files kak.htm from the Windows folder and <file>.hta > from the Windows system folder. <file> is an eight character > hexadecimal number ... i.e. it consists of a combination of the > characters 0-9 and A-F. Note that these files have the hidden file > attribute set. You will have to change the default settings in > Explorer to see them. If you are unsure how to do this, select > Help from the Start menu, click on the Index tab, then under > Windows95, enter "hidden files, viewing" or under Windows98 > enter "hidden attribute", and read the topic. There could be > more than one <file>.hta. They are usually 4116 bytes in size. > Delete them all. > > 6. Edit autoexec.bat and delete the two lines which create and delete > kak.hta in the Windows Startup folder. If the file "ae.kak"exists in > Drive C:\ then delete it. > > 7. Go to the Windows Startup folder and delete the file kak.hta, if it > exists. > > 8. Restart your PC and watch closely for a process called Drive > Memory Error which may appear very briefly as a button on the > taskbar. If this happens then you missed something or did the > steps out of order. You will have to start again from scratch. > > 9. Go to: > http://www.microsoft.com/technet/security/bulletin/ms99-032.asp > Read the elert notice and download the official Microsoft patch to > close the security hole which allowed Kak to infect your PC in the > first place. After doing this you can reset your Email security to > the Internet Zone if you wish, although I recommend against it. > > You will almost certainly have one or more messages carrying the > Kak worm in your Email folders. Locate these with AVP scanner > and delete them ... they cannot be disinfected. > > Finally, I highly recommend that you configure all your identities to > send TEXT ONLY Email, rather than HTML default. To set this > configuration you must set Tools/Options/Send to "Plain text" for > the "Mail sending format" and also disable the "Reply to messages > in the format in which they were sent" option. > > It is a good idea to inform anyone you've emailed recently that > you may have sent them the Kak worm. (Send them a copy of > this message if you wish.) > > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%