Susan and Theodore

Read BELOW
I personally have found that if you do not hit the OK button when it displays that friendly message then it will not shut down windows...I guess I will have to live with this until someone out there tell me how to get rid of it.....Maybe a really big fish?
Wscript.Kak.A (Also known as Kak.worm)
This is only the second time this type of virus has been seen in the wild. Basically, it used to be a Anti-Virus golden rule that you were safe to open Email as you could only be infected by opening the attachment. BubbleBoy, and now Wscript.Kak, have changed this as they are able to infect some PCs without the user opening the E-mail attachment.

Wscript.Kak is the second family of viruses to exploit a weakness in Internet Explorer 5.0 when it is installed onto a machine that is running Windows98. Those PCs that have Internet Explorer security settings set to medium or low can be automatically infected when the E-mail message is read.

When the message is opened, Wscript.Kak will store a copy of its worm code in the Windows statup directory in a file called "Kak.HTA". The worm will also write part of the worm code to a file called "Kak.HTM" in the system directory and creates the following registry key to ensure that it will be automatically loaded every time the PC is restarted.

The registry key is: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\cAgOu"]

Once the worm is installed it will search to see if the user has set up different identities that can be used under Outlook Express 5.0. If they are found the worm will begin attaching a copy of itself to ALL the E-mails that are sent out by the user.

Payload: When the worm is activated, it checks the system date and will display the following message at 5 PM on the first of any month.

"Kagou-Anti-Kro$oft says not today !"
The worm then attempts to shut down Windows.
There are no deliberately destructive payloads in this virus.






[This message contained attachments]