[Date Prev][Date Next][Subject Prev][Subject Next][ Date Index][ Subject Index]

RE: RE: VIRUS!!!!!

Subject: RE: RE: VIRUS!!!!!
From: "Jeremy Vine" dg32@xxxxxxxx
Date: Tue, 23 May 2000 18:47:45 +0100

Frank,

Curiously, when I tried to view the source of the email I did get a warning
about a virus from Norton and it ran its antivirus quarantine operation. I
have since deleted the email and the message I sent. However, the virus did
not show up when I originally ran Norton on all my files.

I cannot find KAK.HTM on my machine and there appears to be no registry
entry, so that should be an end to this nasty.

My thanks for your help and prompt warning.

Jeremy


-----Original Message-----
From: Frank Tirado [mailto:ftirado@xxxxxxxx]
Sent: 23 May 2000 17:28
To: dg32@xxxxxxxx
Subject: Re: RE: VIRUS!!!!!


Hi Jeremy,
  The first thing that comes to mind is that you replied to an email
by Morris Krok. His email was the original infection, as far as I can
determine (I've already notified him). When you replied to the email,
a copy of it was appended to your reply. The appended portion
included the virus.

  The second possibility is that your virus signatures are not up to
date. Only you know that for sure. What you could do, just to be
safe, is double check that you don't have that KAK.HTM file and that
the registry entry is not there. If so, your system is ok.

Hope that helps,
 Frank

>>> "Jeremy Vine"  05/23 12:16 PM >>>
Frank,

Thank you for your email. I have just run Norton Antivirus (which
has
up-to-date virus definitions) and according to that program I have no
such
virus on my PC. Or for that matter any other virus.

I don't doubt that your firewall has intercepted an unacceptable
script but
I am at a loss to understand why Norton Antivirus (which is from the
Symantec website you recommend)has not found this virus.

Any ideas?

Thanks

Jeremy


-----Original Message-----
From: Frank Tirado [mailto:ftirado@xxxxxxxx]
Sent: 23 May 2000 16:29
To: dg32@xxxxxxxx
Subject: VIRUS!!!!!


Hello Jeremy,
    Our firewall intercepted the Wscript.KakWorm script virus in
an email you sent to xywrite@xxxxxxxx in reply to one sent
by Morris Krok to that same list. In view of the potential threat
these malicious programs pose to your data (and that of others), may
I
respectfully suggest that you scan your machine with an antivirus
program?

 Our scanner removed the virus from the email before forwarding it
to it's recipient here. Others might not be so fortunate.  You
should notify other persons listed in your address book after you
clean your machine so that they, too, can take steps to protect
their
systems (if they opened your email, their computers almost certainly
became infected).

Fortunately, removal is pretty easy:

Look for and delete this file: KAK.HTA
Look for and delete this registry key:
 HKLM/Software/Microsoft/Windows/CurrentVersion/Run/cAgOu

Further information can be found here:

 http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html

If you would like to have a free, full featured antivirus product
with frequent updates, go here:

 http://www.cai.com/registration/

Go down to the Free Downloads section and click on the "Download
InoculateIT Personal Edition Software" link.


I'll be happy to help should you need further assistance.

Regards,

 Frank Tirado
 Information Systems Security Program Manager
 USDA - Economic Research Service
 Phone - (202) 694-5095  (USA)

Prev by Date: XyWrite Revealed, third person etc.
Next by Date: Re: virus - you've still got it! - please send in ASCII, not H.T.M.L.
Previous by thread: RE: VIRUS!!!!!
Next by thread: Re: VIRUS!!!!!
Index(es):
- Date
- Subject