KAK, The Evil Little Worm

"The code looks specifically for browser versions IE5 or Netscape Navigator higher than v4.0"

KAK you evil little French worm,  will you get off my email!  I am fed up with the KAK/worm.virus,  I'll bet you are too.  I would like to wring the neck of the so and so that wrote that piece of computer code.   I also don't like to give the writer of the KAK this much of my time and credit for his stinking little virus, but I get the KAK sent to me about twice a week by some unknowing "e-mailer" that has it attached to his/her email.  I wonder how many people are sending it and receiving it and don't know it?  I sent it to quite a few folks myself before I knew I had it.   I have since build up my defenses to a higher level.

Setting your anti-virus software to dig deeply into your computer is important, even though it will require more time to run.

Part of the problem of detection is that if you don't have your anti-virus software options set properly you may not know your computer has a virus until it begins to "acts up".   If you reboot with this virus in your Start Up folder before you know you have it, then you have allowed the virus to "dig in".   By the time a person decides they may have a virus, the KAK has, like the "Alien" virus that it is, embedded itself in the guts of your system files where only a professional tech person can dig out the breeding and reproducing segments of the worm.

Sit back and do nothing?

So what are you going to do about the virus.  Just sit back and do nothing and email it to all your friends, or learn to do something about it.  The little worm doesn't give up easily, especially if you let in into your computer.  That is the first thing to know.  Second thing to know is that it can consume a lot of you important time dealing with it. 

So if you have something important to do, just leave your computer running and go do it!

A good option is to put a for sale sign on your computer and sell it to someone you never expect to see again in this lifetime.   If you are like me and don't have anything important to do, then let's see how to deal with this wormy situation.

The nit picky stages

Don't reboot until you have eliminated the virus

I can tell you in stages some of the little things to do:

(1) Start by getting your anti-virus software up to date and update it as often and it will let you.  It will usually let you update on line (Internet) about once a week.  And you will be so pleased to notice it will be watching for about 47,000 viruses that might jump onto your computer.  

(2) Go to Microsoft's link mentioned below and download the suggested patch for your system.

(3) Set options on you anti-virus software to be on guard all the time and check all files.  This little worm can't be discovered by just checking program files alone.  It is a different and sneaky type of code.

(4) Run the anti-virus software and delete any virus.  Read before deleting and learn about it as you go.  You have time to read it before it destroys your computer and it will not do anything while you are reading.  

Settle down, relax and learn about the virus. 

  If the virus destroys your whole computer, have you lost anything?  Look at all the time you will save without your computer to distract you, now you can look forward to doing other things in your life. 

(5) After everything is deleted that seems to be a virus, go to the Start, Find, Files or Folders.  Type in KAK and have it search c: and any floppy disks or other drives such as zip drives.  If it finds the KAK, then let it delete it.  Remember though, just because you deleted the virus once, it will re-infect your startup file each time you preview the email it is located in.

(6) Your are ready now to find out where the little  "~~~~@*"  virus came from.  If you don't care where the virus came from then you can take a serious shortcut and be done with some of the tedium. 

The Big Shortcut

Read all of this before you choose the Shortcut!

The shortcut is to delete  inbox, sent mail, deleted mail box all in order given here and run the anti-virus program, the Find program and check the signature file.

 But on the other hand, what if you want to know the origin of this virus?  Who emailed me this?  Who do I need to warn that they are sending a virus?  To answer these questions I am going to have to put up with the virus recurring for a while as I look for the source.    

You think you have gotten rid of the virus, well I don't think so?

Maybe we think we have gotten rid of the virus, well I don't think so.  At this point your computer will be reinfected when you view the email that contains the virus.  Remember we haven't deleted the email boxes because we want to locate the source of the virus.  

Is the virus an attachment?

So keeping in mind that the virus is hidden in one of the emails and no it is not an attachment that you can spot.

Finding the source

To find the source of the virus, keep the little Find program open but minimized.  At the same time click on each email you have, one at a time.  After previewing an email, click on the Find program again.  If the Find program finds the KAK virus located in the startup program, you have found at least one source email for the virus.  

It's all about preview and destroy, preview and destroy.

It usually looks like this (c:\windows\Start Menu\Programs\StartUp\kak.hta) after being previewed in an email .  You now know the email it arrived in.   Delete the email twice, once from the inbox, once from the deleted box.  Then  highlight it in the Find program and right click and delete.  You still have all the other emails to check as well as the sent mail boxes.  Every time you preview an email that contains the virus it will quietly put the little KAK in the StartUp file.  Why?  So the next time you reboot your computer it can spread it evil little self into the guts of your computer.  If you can zap it before you reboot then you can nip it in the bud.

 Don't get too excited here and delete everything at once!  

You also need to know who you sent the virus to.  You now have an obligation to warn the folks you sent this virus to.  Tiring isn't it.   It is responsibility of an "e-mailer", as I see it,  to notify others.  When possible,  send a warning along with a link, if known,  to some pages, like this page,  that help to locate and remove the virus.

Who did I send the virus to?

If we don't find out who is sending the virus and give them a warning, we may keep getting that virus with every email that person sends and so will everyone else they send mail to.

Look before you send

Another thing a person can do that is of utmost importance, is to look in your signature file before you send anyone email to see if you are sending the virus.  This is a step that anyone can easily take to see the little virus and get it off the email you are about to send.  With email page open, select Tools, Options, Signatures.   Look to see if there is a text file selected.   Is it your signature file  or does it belong to the KAK?  You will know by looking.  If it is KAK file then get rid of it and go back through removal steps above.  Keep checking until you are sure you are not sending the KAK.

Summary:

bulletKeep anti-virus software up to date.  Do it now!
bulletSet options to check all files.
bulletSchedule this software to run often.
bulletKeep the anti-virus software enabled on the taskbar.
bulletRun the anti-virus software often, yourself.
bulletDownload Microsoft's little program to watch for active X files in your email.
bulletRun the Find program looking for the KAK often.
bulletTry to catch the KAK before it infects your system.
bulletClean your email and system of KAK before emailing again.
bulletSend out a warning and information about the KAK to the person that mailed it to you.  Check that person's email each time they send you mail.
bulletDon't reboot until you have removed the virus.  Leave your computer running until you are sure you have removed the virus.
bulletIt won't hurt your computer to leave it running, just turn off the monitor until you are ready to work again.
bulletStudy the tech links on this page mentioned below.

Like to read the gruesome technical details? 

 Go to another of TXOL's  tech pages and wallow in the technical details:  KAK Worm Virus

For more details on this vulnerability and to obtain a patch from
Microsoft, see this link
http://www.microsoft.com/security/bulletins/ms99-032.asp 

Here is what you need for some protection anyway:

Update for "scriptlet.typelib/Eyedog" Vulnerability

This update is not the "perfect solution" but it helps some.  If it were the perfect solution, there wouldn't be any need to write all this tech stuff, huh?

PS   If you don't want to worry with the little virus, just take your computer to Bryans Auto Supply and Computers in Eastland.  Guy will eradicate the worm virus for a fee.

Ideally your anti-virus software will give you warning and give you an opportunity to destroy the virus before it penetrates your computer system.  We hope so anyway.

Jerry Davis

TXOL Internet's Central and Southwestern Sales Representative


 Return Main Index



 

 

 

[bottom.htm]