Virus

The machines we love to hate

Moderator: Wiz Feinberg

winston
Posts: 1477
Joined: 4 Aug 1998 11:00 pm
Location: Frankfort, Kentucky 40601

Virus

Post by winston »

I just got rid of a virus that is being passed through outlook express. This is the fix from a computer expert here at home. It does work and is easy to execute. Here is his email for the fix.

Yes sir, sure have. You have the Wscript worm virus passed through outlook express (which I use which means I have it now lol). It's fairly easy to get rid of but you do have to edit the registry. Here's the fix . . .

Go to Find on the Start button menu, then to Files and Folders.
Search the entire C: drive for the KAK.HTA file.
When you find it, delete it and remove it from your Recycle Bin.

Now the tricky stuff. . . .
Go to run on the start button menu and in the run box type REGEDIT
This will run the registry editor. On the left side double click on HKEY_LOCAL_MACHINE
Then double click the following folders as they drop down . .
SOFTWARE
MICROSOFT
WINDOWS
CURRENTVERSION
RUN

Highlight the entry cAgOu and delete it.

Reboot windows and you are good to go. If you need me to do this just call me and I'll come over and fix ya up.

Dave
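
Added example, not part of the original posts: a read-only Python check for the two artifacts the fix above names, a file called KAK.HTA and a value called cAgOu under the HKEY_LOCAL_MACHINE Run key, run against a directory tree and a regedit text export. The sample export, its data strings and the function names are constructed for illustration.

```python
import os
import tempfile

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
SUSPECT_FILE = "kak.hta"     # file name from the post, compared in lower case
SUSPECT_VALUE = "cagou"      # Run value name from the post (cAgOu), lower case

def find_files(root, name=SUSPECT_FILE):
    """Return paths under root whose file name matches, ignoring case."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        hits += [os.path.join(folder, f) for f in files if f.lower() == name]
    return sorted(hits)

def run_entries(reg_text):
    """Parse a regedit text export; return {value name: data} for the Run key."""
    entries, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key names are case-insensitive; only the exact Run key counts.
            in_run = line[1:-1].lower() == RUN_KEY.lower()
        elif in_run and line.startswith('"') and '"=' in line:
            name, data = line[1:].split('"=', 1)
            entries[name] = data.strip('"').replace("\\\\", "\\")
    return entries

def suspect_run_values(reg_text):
    """Names in the Run key that match the entry named in the post."""
    return [n for n in run_entries(reg_text) if n.lower() == SUSPECT_VALUE]

# Constructed sample export; the data strings are placeholders, not real values.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"cAgOu"="C:\\EXAMPLE\\placeholder.hta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"cAgOu"="not-in-run-key"
'''

def demo():
    """Build a constructed directory tree and scan it plus the sample export."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS"))
        open(os.path.join(root, "WINDOWS", "KAK.HTA"), "w").close()
        files = [os.path.relpath(p, root) for p in find_files(root)]
    return files, suspect_run_values(SAMPLE_REG)

if __name__ == "__main__":
    print(demo())
```

Nothing is deleted or modified; the functions only report what they find, so the output can be reviewed before anyone edits the registry by hand.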

Ernie Renn
Posts: 3488
Joined: 4 Aug 1998 11:00 pm
Location: Brainerd, Minnesota USA

Post by Ernie Renn »

Also, the virus adds a signature to all outgoing mail. You have to delete the signature, too. AND delete all mail that has the virus. Otherwise you'll just get it back again.
The program can also make a second copy of "autoexec.bac". I had this virus and it was a royal pain.
For detailed instructions on how to get rid of it, go to: http://cperry.k12.pa.us/kakvirus.htm
Thank goodness it wasn't a malicious virus.

------------------
My best,
Ernie
The Official Buddy Emmons Website
www.buddyemmons.com

winston
Posts: 1477
Joined: 4 Aug 1998 11:00 pm
Location: Frankfort, Kentucky 40601

Post by winston »

Ernie, that is a very good fix for the virus. How does one know if the incoming mail has the virus attached to it?
Ernie Renn
Posts: 3488
Joined: 4 Aug 1998 11:00 pm
Location: Brainerd, Minnesota USA

Post by Ernie Renn »

I wish I knew. I don't know where I got it and I didn't know I had it until I mailed somebody with an updated virus protection program. They mailed me and told me about it. I have since changed my format from HTML to plain text. Without the signature going out I don't transmit the virus.
It took about two weeks to get rid of the thing. It kept coming back. I came across the page I mentioned and went thru the procedure they detailed. It hasn't come back yet, so hopefully I got it all.

------------------
My best,
Ernie
The Official Buddy Emmons Website
www.buddyemmons.com

winston
Posts: 1477
Joined: 4 Aug 1998 11:00 pm
Location: Frankfort, Kentucky 40601

Post by winston »

Ernie, as you can tell I am not a computer expert. I wonder why my Norton's utilities program did not pick up on the virus? I have been using my Hotmail address to send email with until I am sure the virus is gone. Thanks again for your help. Winston
Jack Stoner
Posts: 22136
Joined: 3 Dec 1999 1:01 am
Location: Kansas City, MO

Post by Jack Stoner »

Do you have the latest virus files for your Norton? You can download updates from them. Also some "viruses" are not really classified as a virus but more a nuisance type of thing and some of those are not detected by virus software. There was another one not too long ago that added an advertisement type thing to the signature and every time you sent it to someone they got the signature thing (I think it was the "go hip" thing).

The McAfee web page has a lot of info on both viruses and "non viruses" (and on virus hoaxes).
Ernie Renn
Posts: 3488
Joined: 4 Aug 1998 11:00 pm
Location: Brainerd, Minnesota USA

Post by Ernie Renn »

I have the latest virus updates for Norton, but apparently because it's a mail signature, it got thru. I don't know what program the guy was using that pointed it out to me, but his caught it.
Like I said, at least it's not malicious and can be gotten rid of with a little work.

------------------
My best,
Ernie
The Official Buddy Emmons Website
www.buddyemmons.com

Jonathan Cullifer
Posts: 1132
Joined: 30 Sep 1998 12:01 am
Location: Gallatin, TN

Post by Jonathan Cullifer »

I was reading on another forum that the attachment is in the form of a .vbs file. It is highly unusual for someone to receive a .vbs attachment, so if you have one, I recommend that you don't open it. I also have to say that modifying Registry keys is a dangerous practice, so if you are not comfortable with working inside your system, don't even worry about modifying anything. My best advice is to simply use your good judgement: If it doesn't look good, then it probably isn't.

Also, this virus only affects Windows computers with Internet Explorer 4+ installed.

[This message was edited by Jonathan Cullifer on 07 May 2000 at 02:05 PM.]

winston
Posts: 1477
Joined: 4 Aug 1998 11:00 pm
Location: Frankfort, Kentucky 40601

Post by winston »

Jonathan, this virus infects Outlook Express mail, not Internet Explorer, and it does not come as an attachment. If you have the virus and email someone you pass the virus along. The instructions that Ernie gave will get rid of the virus. Anyone that can follow instructions should not have any trouble in the Registry. It is necessary in order to get rid of the virus.
Ernie Renn
Posts: 3488
Joined: 4 Aug 1998 11:00 pm
Location: Brainerd, Minnesota USA

Post by Ernie Renn »

I agree that going into the workings of your computer is a touchy thing! So, follow the directions!! Don't mess with anything that's not in the virus removal instructions. You'd only be asking for more trouble.

------------------
My best,
Ernie
The Official Buddy Emmons Website
www.buddyemmons.com
