Wednesday, 21st August 2019
Computers & The Internet Article

Are you infected?

Virus. What to do, how to remove the virus and how to protect yourself from virus attack.

by Sebastián Polinares

Viruses are a set of instructions in computer language disguised within an e-mail message that gives the appearance of being totally innocent. It could be within an attachment to a message or, worse, it could be subtly attached to the message itself or even the address. So when they say not to open the message, oops! It is too late, it is the message itself that is contaminated!

One particularly nasty Virus to watch out for is called the KAK WORM. You might have it and not even know until it is too late: on the 1st day of the following month, from 6 p.m., you get a message such as “S3 driver memory alloc failed”, a message starting with “Kagou-Anti-KroS........”, or something similarly unusual. After that, your Windows program is instructed to shut down and you will not be able to start your computer.

This Virus is not new; it was discovered in October 1999. It is nevertheless fairly widespread, mainly because it is difficult to detect, even if you have a Virus protection program on your computer. According to MessageLabs, the kak.worm is the second most frequent virus detected by them.

This Internet worm uses JavaScript, ActiveX and “Scriptlet Typelib”, and it propagates itself through e-mail messages using Outlook Express. If Microsoft Explorer 5 or higher is installed, it writes the KAK.HTA file to the startup folder of the local machine.

FIRST PROTECT YOURSELF

Prevention is 99% of a cure. There is a weakness within Windows 95 & 98, which needs rectifying. On the Internet, connect to: www.microsoft.com/technet/security/bulletin/ms99-032.asp . The bulletin explains this particular weakness and gives you the option to install a Patch, downloading it from the site. Just click on the highlighted address offered for Microsoft Windows 95 & 98 and follow the instructions. Do download both the Eyedog-fix and the scriptlet.typelib fix. This will rectify the fact that both are incorrectly marked “safe for scripting”; the Patch will cause the program to request your permission to load the control.

The next thing to do is to install a Virus detection program. If you already have one, make sure that you have updated it with the latest data, as there are new Viruses every day, and if your program itself is not recent, make sure you have upgraded it to the latest version. You can buy such programs and download them instantly from the Internet, and you can do the same for upgrading and updating your existing program. Upgrades and updates are free.

In the case of McAfee the address is: www.software.mcafee.com/centers/support/default.asp

In the case of Norton the address is: www.symantec.com/avcenter/download.html

It is not difficult, just follow the instructions.

Right, so far so good, that should make it more difficult for KAK to get through to you. But, if you suddenly get a message like: “Scripts are usually safe. Do you want to allow scripts to run?” or “Do you want to allow software such as ActiveX controls and plug-ins to run?” THE ANSWER IS, quite simply, “NO”. And if, on the other hand, you get a message like: “Kagou-Anti-KroSoft says not today”, it means that you have got the bug and the inevitable will happen.



HOW TO REMOVE THE BUG

Do not be tempted to delete any messages, even if you have identified the offending one that gave you the bug in the first place. This could make things more difficult.

Next, if you have not already done so, back up all your important files, but do not back up any e-mail. At least you can try and save your work. I have not been able to establish if these might be infected or not, though I suspect that they are not.

Next, as a precaution that may work and buy you time, change the date on your computer and put it back just a few days. Do not go past the 1st day of the month, back or forward. The removal process is as follows, in this order:

  • close e-mail client(s)
  • install the MS patch mentioned above
  • remove KAK.HTA and/or KAK.HTM
  • delete the default e-mail signature setting (Tools/Options/Signature)
  • delete all e-mail messages not needed and which you suspect may contain the script.

The locations of the files are as follows: c:\windows\kak.htm AND c:\windows\system\(name).hta

In the case of English Windows: c:\windows\StartMenu\Programs\StartUp
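A read-only check for the file locations listed above, as an added example that is not part of the original article: it looks through a copy of the C: drive (for instance the disk attached to a clean machine) for kak.htm, for .hta files in the System folder and for KAK files in the StartUp folder, ignoring upper and lower case. The function names, the sample tree and the file name 1A2B3C4D.HTA are constructed for illustration.

```python
import os
import tempfile

MARKER = b"kagou-anti-kro"  # from the message text the article quotes

def resolve_ci(root, parts):
    """Resolve lower-case path parts ignoring case (names vary on a copy)."""
    current = [root]
    for part in parts:
        current = [os.path.join(d, e) for d in current if os.path.isdir(d)
                   for e in os.listdir(d) if e.lower() == part]
    return current

def has_marker(path):
    with open(path, "rb") as fh:  # first 1 MiB is plenty for a script file
        return MARKER in fh.read(1 << 20).lower()

def scan_for_kak(drive_root):
    """Return sorted (relative path, reason) findings for a copied C: drive."""
    found = [(p, "kak.htm in Windows folder")
             for p in resolve_ci(drive_root, ["windows", "kak.htm"])]
    for sysdir in resolve_ci(drive_root, ["windows", "system"]):
        for entry in os.listdir(sysdir) if os.path.isdir(sysdir) else []:
            full = os.path.join(sysdir, entry)
            if entry.lower().endswith(".hta") and os.path.isfile(full):
                why = "marker text found" if has_marker(full) else "review by hand"
                found.append((full, ".hta in System folder: " + why))
    for menu in ("start menu", "startmenu"):  # the page spells it without a space
        for name in ("kak.hta", "kak.htm"):
            path = ["windows", menu, "programs", "startup", name]
            found += [(p, "KAK file in StartUp folder")
                      for p in resolve_ci(drive_root, path)]
    return sorted((os.path.relpath(p, drive_root), why) for p, why in found)

def build_sample_drive(root):
    """Write a constructed sample tree (mixed case, as on a Win9x copy)."""
    files = {"WINDOWS/KAK.HTM": b"constructed sample",
             "WINDOWS/SYSTEM/1A2B3C4D.HTA": b"x Kagou-Anti-KroSoft says not today x",
             "WINDOWS/SYSTEM/HELP.HTA": b"harmless constructed file",
             "WINDOWS/Start Menu/Programs/StartUp/kak.hta": b"constructed sample"}
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        print(*scan_for_kak(tmp), sep="\n")
```

The script only lists files and deletes nothing; an .hta file without the marker text may be legitimate, which is why it is reported for review by hand.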

McAfee indicate the use of specified engine and DAT files for detection and removal. Files found to contain the detection must be deleted. Apparently there are also some variants and aliases of this particular Virus. I would strongly recommend visiting the following page: vil.mcafee.com/dispVirus.asp?virus_k=10509&

You will find it extremely useful and descriptive in relation to this Virus. If you are not familiar with some of the terminology above, get an expert to help you. Failing this you may well have to format your entire hard drive and reinstall all the components and programs.


AS SOON AS YOU CAN: Try and warn all the people that you might have sent messages to, but not by e-mail. Of course you should not send any messages to anyone from the moment you suspect you have a Virus. You should also get in touch with the person you think has sent you the bug. They are probably not aware of it and will be grateful. Ask them to do the same to counteract some of the spreading. If everyone did this, it may be possible to contain any Virus.


