kak worm

Richard Moody remoody@midstatesd.net
Sun, 16 Sep 2001 14:11:09 -0500


For Outlook Express users.

I may have passed on this worm.  It causes a message, "Kagou-Anti-Kro$oft
says not today!", and then shuts down your computer.  This happens on the
first of the month.  If you have experienced this, check this page out.

http://support.microsoft.com/support/kb/articles/Q262/1/65.ASP

It shows you how to identify a registry key that needs to be removed.

It said this key would send the worm on through the signature files in
Outlook Express undetected.  I did find this key and assume it has been
working, so that is why I am posting about it.


Below is technical info I pasted in from the MS site.

This worm appends itself to the end of legitimate outgoing e-mail messages
as a signature, and then it enters your computer through a hole in Outlook
Express e-mail security, Scriptlet.Typelib. When you receive an infected
e-mail message, the worm, Kak.hta, automatically copies itself to a startup
folder on your computer if you are using either the French-language or
English-language versions of a Microsoft Windows operating system. The
Kak.hta file is copied to your computer without your knowledge because you
do not have to open an attachment for it to run; if you simply receive and
then read the e-mail message, the worm is copied to your computer.

Files with the .hta file extension are run by Microsoft Internet Explorer
and Netscape Navigator. You must restart your computer for this file to
run. After the worm runs, it modifies the following registry key in order
to add its own signature file, the infected Kak.hta file:

HKEY_CURRENT_USER\Identities\Identity\Software\Microsoft\Outlook\Express\5.0\Signatures

where Identity is the name of your identity. When the worm modifies the
registry key, all outgoing e-mail messages are appended with the worm. In
addition, the following registry key is added to your computer that causes
the worm to run each time that you restart your computer:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\cAgOu

On the first day of the month, at 5:00 P.M., you receive the following
message and Windows is sent the command to shut down:

Kagou-Anti-Kro$oft says not today!
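
An added example (not part of the original post or of the Microsoft article): a Python check that scans a text registry export for the two registry locations named above. The sample export, the identity placeholder, the signature subkey and value names, and the file paths are constructed for illustration, and the check assumes cAgOu appears as a value under the Run key.

```python
import re

# Constructed sample: REGEDIT4-style export from a hypothetical infected machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"cAgOu"="C:\\WINDOWS\\SYSTEM\\constructed.hta"

[HKEY_CURRENT_USER\Identities\{CONSTRUCTED-ID}\Software\Microsoft\Outlook Express\5.0\Signatures\00000000]
"name"="Signature #1"
"file"="C:\\WINDOWS\\Kak.hta"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg string data escapes backslashes and quotes with a leading backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key_path, value_name, data) for each string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, _unescape(m.group(1)), _unescape(m.group(2))

def find_kak_indicators(text):
    """Return (kind, key, value_name, data) for entries matching the post's two keys."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()  # registry key and value names are case-insensitive
        if (k.startswith('hkey_local_machine\\')
                and k.endswith('\\currentversion\\run') and name.lower() == 'cagou'):
            hits.append(('run-persistence', key, name, data))
        elif (k.startswith('hkey_current_user\\identities\\')
                and '\\signatures' in k and data.lower().endswith('.hta')):
            hits.append(('signature-file', key, name, data))
    return hits

if __name__ == '__main__':
    for hit in find_kak_indicators(SAMPLE_EXPORT):
        print(*hit, sep=' | ')
```

To check a real machine, export the two branches with the registry editor and pass the file's text to find_kak_indicators.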







This PTG archive page provided courtesy of Moy Piano Service, LLC