ES - Virus Alert! This is serious!

Adam Harrison hookshot at star-telegram.com
Sat Mar 25 12:35:33 PST 2000 

Greetings Elfsea,

I have some potentially bad news to report.  Sometime earlier this week(or
perhaps earlier than that) my computer was infected with the Kak virus.  I
did not find out about this until about an hour ago.  This particular virus
is an email "worm" that infects Microsoft products(IE 4 and 5, and outlook
express 4 and 5).

Netscape users and AOL users shouldn't have a prob, but you never know...


Since I have sent emails to the ES list while I was infected, I would urge
all of you to check your computers to make sure they are not infected.

I have cleared the virus from my computer.  It was fairly easy to do once I
had instructions.

below is a copy of the message I got on how to fix this nasty little
problem.

-Bjorn


Ok.  here's the route.  Bob took five hours (but he found the info).  I took
three, but I used his info...so...benefit from our PAIN.

1)  http://www.cai.com/virusinfo/encyclopedia/descriptions/wscript.htm

this gives you a brief overview of the problem.  some of it is kind of
technical so we'll take it a step at a time.  Read the above message then go
to

2)  http://www.microsoft.com/technet/security/bulletin/ms99-032.asp

pan down and there are several applications/patches that you can download.
Don't worry about the terminology.  Just kick any of the applicable systems
that you have.  When you try to download the program, it will ask you if you
want to "open" or "save".  Pick "open" (or "run" depending on your system).
Don't worry...it is a self-extracting program.  Just sit back and let it do
it's thing.

3) deleting time!!!

exit from the internet and hit click on the "start" button at the bottom
left corner of your screen.  You should get several options.  Select
"re-start in MS-DOS" or something if that nature.  Click in and let the
computer do its thing.  When it comes back up...it should have... "
c\windows  "
type in  "  cd\  "
the computer should then have "  c>  "
type in "  type c:\autoexec.bat   "

if you get a bunch of crap that has " kak.hta " in it then you will have to
modify your autoexec.bat file.  If that comes up, then we will have to solve
that in "E-mail  Part 2".  Let's assume that it DOES NOT appear in your
autoexec.bat file.

******addition from Bjorn.  if your autoexec.bat has been changed, here's
what to do.  There should be a file in c:\ that is AE.KAK or something like
that.  delete your autoexec.bat and rename AE.KAK to autoexec.bat.  that
should fix the problem.  It did for me anyway.  I didn't even look for a
change in my autoexec.bat, I saw the AE.KAK file and already knew there
would be a problem.

4)  re-start windows

5) press the "start" button at the bottom left again.  a vertical list of
items will appear.  Select "Programs".  This will open another vertical
list.  Select "Startup".  This will open another set.  In there you will see
"kak.hta."  RIGHT CLICK once.  This will bring up a set of options.  Pick
"delete"  (obviously).  Immediately, exit from all this junk and go to your
Windows start-up screen.  RIGHT CLICK once on your trash bin.  This will
give you the blind option to select "Empty Trashcan". select that item.


*****addition from Bjorn, When the autoexec was fixed the "kak" file in my
startup folder disappeared.  I ran a search for kak.*  and *,kak just to
make sure they were gone...


6)  restart your computer.

At this point you should be OK.  Just remember to go to your E-mail settings
and set security for "high" and set all E-mails to non-html format.   KAK
lives in HTML and that is what we want to avoid.   :)  If you have problems
finding your default values for E-mail...you quessed it..."E-mail part 2."

Good luck.

Let me know if you run into any problems.

John



============================================================================
Go to http://lists.ansteorra.org/lists.html to perform mailing list tasks.

More information about the Elfsea mailing list