
A Personal Case of Being Infected by an E·mail Virus
Copyright © 2000, by Walter Robinson II, All Rights Reserved.

As hard as it may be to believe, the computer I use most of the time (which was my wife's at the time I composed this page) was infected by a virus. It crept into our system about ONE WEEK after I had composed and posted the above article entitled, The Perils Of Copiously Forwarding E·mail And Sending Bulk Addressed Emailings. The following is what happened.

On Saturday, November 11, 2000, I had turned the computer on, and had been on and off the web several times. I had been searching the World Wide Web and also checking for and receiving e·mail. However, I had not tried to send any. I had also spent a lot of time deleting multiply addressed e·mails, mostly of the 'forwarded' type from my Microsoft Outlook e·mail accounts. I turned the computer off some two hours later.

I attended a funeral, took care of another matter, then returned home and turned the computer back on about two and one half hours later to check for e·mail. The machine seemed to boot normally. However, right after I typed in my Windows password I noticed a minimized button on my 'Task Bar' that simply said, "driver memory error." It disappeared after being briefly visible for only two to three seconds, and everything seemed okay. Yet, experience has taught me that such quirks can be indicative of more serious underlying system problems. I have also learned that the sooner you correct such problems the better off you will be.

I immediately shut down and rebooted a few times hoping that it was just a system glitch that would correct itself. But the annoying button repeatedly appeared and quickly disappeared. I then ran "MS Info" and checked my start up configuration and noticed that my system's registry was now set to call a file called, "kak." I also noticed that two lines of new instruction had been added to my autoexec.bat file. They also called for a file with the "kak" string in its name.

I then searched my hard drive for "kak" and discovered that I had several other files in my Windows directory and elsewhere that had the same string in their name. I tried to remove the files and turn off the registry and autoexec.bat file instructions, and then rebooted. But when my system came back up the little button returned and all the files and program instructions had been restored! I had never contracted a virus before; but it now looked like I had been hit!

I decided to try to get on the Internet and search for 'kak.hta.' Thankfully, my system still worked enough to connect to the Internet and allow me to initiate a keyword search. Sure enough, several pages came up that made reference to a virus named 'Kakworm.'

It took nearly two hours to find the necessary fix and software to rid my system of the malevolent program. Thankfully, it was nothing more serious, such as corrupting files or deleting all files on my hard drive.

I was also thankful that I was using Microsoft Outlook, instead of Microsoft Outlook Express. I soon discovered that if I had been using the latter, and if I had sent out any mail while infected, I would have passed the virus on to others!

I found several web pages that described the virus and methods on how to rid your system of it. What I discovered only reinforced what I had stated in the previous article about proper Internet Practices mentioned above. I found one page most helpful and simple to follow. It is entitled Wscript_KAKWorm or VBS_KAKWorm - Virus Removal Instructions - Kagou-Anti-Kro$oft and it is located on the "PC HELL" website (sorry, but that is the name of the site). What it said in part about this virus is as follows:

The Wscript KAK Worm is a worm/virus that attacks systems using Outlook Express. It uses a known security vulnerability to attach itself to every e·mail sent from an infected system. It is written with Javascript and it attacks both the English and French versions of Windows 95/98, if Outlook Express 5 is installed.

What makes this worm unique is its ability to infect a system by someone simply reading or previewing an e·mail message. The worm hides in the HTML of the e·mail itself. When the message is previewed or opened by the recipient, the worm automatically takes control and infects the computer.

If neither Outlook Express nor MS Internet Explorer 5.0 are installed, the worm is not able to infect the machine. The worm has another potential side effect as well. On the 1st day of any month and the hour is 5:00pm, the following message is displayed and Windows is sent a command to shutdown. You may also see a "Driver Memory Error" occur when starting Windows.

Another article entitled, Focus on VBS/Kakworm: are you protected? at Sophos Anti-Virus website also stated this:

VBS/Kakworm appears to be extremely widespread, and Sophos researchers believe this is largely because individuals and companies have not applied a patch first issued by Microsoft in August 1999.

The same site has another page on the analysis of the virus that adds:

The worm will run if the user has Internet Explorer, Outlook or Outlook Express, but it will only spread to other users if Outlook Express is used to send e·mail.

Even if you receive an infected message, you cannot be affected unless you have an Internet Explorer based product installed.

The worm arrives embedded in an e·mail message as the message HTML signature. The recipient of the message cannot see any visible symptoms as there is no displayable text in the signature.

If the user opens or previews the infected e·mail message the worm drops file KAK.HTA into the Windows start-up folder. KAK.HTA runs the next time Windows is started, creates the C:\WINDOWS\KAK.HTM file and changes the Microsoft Outlook Express registry settings so that the KAK.HTM is automatically included in every outgoing message as a signature. The KAK.HTA also changes the Windows registry that it includes the name of the worm file.

On the 1st of any month after 5 p.m. the worm displays the message "Kagou-Anti-Kro$oft says not today" and runs Windows shutdown.

Further -- and are you ready for this -- Microsoft itself has some ominous words to offer about the specific weakness inherent in the Windows operating system that allows viruses such as Kakworm to infiltrate it. The page is entitled, Microsoft Security Program: Microsoft Security Bulletin (MS99-032), and the following is stated:

Microsoft has released a patch that eliminates security vulnerabilities in two ActiveX controls. The net effect of the vulnerabilities is that a web page could take unauthorized action against a person who visited it. Specifically, the web page would be able to do anything on the computer that the user could do. (Emphasis mine)

I have been using personal computers since 1979, and I have a pretty extensive technical background in digital electronics and accumulated experience. That and the Lord's grace enabled me to recognize and pinpoint the problem, and then repair it. But what would you do if you had gotten infected? Would you have recognized it before you sent e·mail to someone else and infected them as someone did it to me? Just think, with multiply addressed self composed or 'forwarded' e·mails you could literally infect all the friends listed in your address book with other viruses that work like this one! I must also point out that new viruses are being written every day.

I prefer to believe that my loving God allowed this to happen to me so that I could pass on the warning and also press the importance of using proper Internet Practices. Simply put, do not readily and regularly receive and forward 'forwarded' e·mail, except in specially warranted cases such as with prayer requests. And when you do, make sure that you put all addresses in the 'Bcc' (blind carbon copy) box to keep your friends' e·mail addresses private.

I hope this document helps to equip you with knowledge so that you may be wiser in e·mail communications.

NOTE: If you have been having problems with this particular virus please do not write me! As stated above I could not have infected anyone with the virus because I do not use Outlook Express. Yet, I have included links in the document that will connect you to the above sources that will tell you how to fix your system.

(WTRII)
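
The manual check described above (searching the drive for "kak" and reading autoexec.bat) can be scripted against a mounted copy of the disk. This is an added example, not part of the original article or of any tool it cites; it uses only the file names the article gives (KAK.HTA, KAK.HTM, autoexec.bat), and the sample tree, its folder layout and the PLACEHOLDER entries are constructed for the demonstration.

```python
import os
import tempfile

# File names the article gives: KAK.HTA (start-up folder) and C:\WINDOWS\KAK.HTM.
DROPPED = {"kak.hta", "kak.htm"}

def scan_autoexec(path, rel):
    """Return active (non-REM) autoexec.bat lines that mention 'kak'."""
    hits = []
    with open(path, encoding="latin-1") as fh:
        for no, line in enumerate(fh, 1):
            text = line.strip()
            if "kak" in text.lower() and not text.lower().startswith("rem"):
                hits.append(("autoexec-line", f"{rel}:{no}: {text}"))
    return hits

def scan_tree(root):
    """Walk a mounted disk copy; file names are compared case-insensitively."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel, low = os.path.relpath(path, root), name.lower()
            if low in DROPPED:
                findings.append(("dropped-file", rel))
            elif low == "autoexec.bat":
                findings.extend(scan_autoexec(path, rel))
            elif "kak" in low:
                findings.append(("review-name", rel))  # weak: name match only
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; every path and file body here is made up."""
    names = ["WINDOWS/Start Menu/Programs/StartUp/KAK.HTA", "WINDOWS/kak.htm",
             "WINDOWS/SYSTEM/PLACEHOLDER-kak.tmp", "WINDOWS/notepad.exe"]
    for rel in names:
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        open(p, "w").close()
    with open(os.path.join(root, "AUTOEXEC.BAT"), "w") as fh:
        fh.write("@ECHO OFF\nREM old kak entry disabled\nC:\\PLACEHOLDER\\kak-sample.ext\n")

def demo():
    """Scan the constructed tree and return (kind, detail) findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return scan_tree(root)

if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

Scanning a copy of the disk rather than the running system matters here, because the article reports that files deleted on the live machine were restored at the next boot.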

Revised: August 26, 2013.

  Copyright © 2000 Last Chance Ministries. All rights reserved.