Kak Virus or worm description and fix

Disclaimer
The following information is a collection of information gathered from various sites on the internet.
This site takes no responsibility for any losses to you in any way.
Although no known problems exist with the information provided, you are using it at your own risk!
Before you go any further:
Whether you have Kak or not, please protect your system by downloading the following patch.
Download this patch by going to http://www.microsoft.com/technet/security/bulletin/ms99-032.asp.
After downloading the patch use your back button on your browser to return to this page.
What Is Kak
Kak is a worm that embeds itself in every email sent from the infected system, without any attachment.

Kak is written in JavaScript and it works on both English and French versions of Windows 95/98 if Outlook Express 5.0 is installed. It does not work in a typical Windows NT installation.

The worm uses a known security vulnerability in Outlook Express. Once the user receives an infected email message, and opens or views the message in the preview pane, the worm creates a file "kak.hta" in the Windows Startup directory.

The next time the system is restarted, the worm activates. It replaces "c:\autoexec.bat" with a batch file that deletes the worm from the Startup directory. The original "autoexec.bat" is copied to "C:\AE.KAK".
It also modifies the message signature settings of Outlook Express 5.0 replacing the current signature with an infected file, "C:\Windows\kak.htm".
Therefore every message sent with Outlook Express after that will contain the worm.

Next it modifies the Windows registry in such a way that it will be executed at every system startup.

The .hta file that the virus creates, and that will be executed, is saved to the Windows System directory. On the first day of each month, if the number of hours is more than 17 (i.e. 6pm or later), the worm will show an alert box with the following text:

   

Then the worm causes Windows to shut down.

Microsoft has more information on this problem available at: http://www.microsoft.com/Security/


Some of the symptoms reported are:
a) Your mouse begins to get stuck or does not respond.
b) People are telling you that you are sending out multiple e-mails even though you only sent one.
c) Windows locks up or becomes unresponsive.
d) Your computer tells you that you have run out of memory after you attempt to open more than one program.

All of the above may be happening to you, or possibly none have been happening to you; these are just symptoms that I have been told are happening with other people who have contracted this virus/worm.

Note:
Kak spreads via email. Since you were infected, you'll have been sending infected messages. You should check your Sent Items folder **after** applying **all** the fixes. Email warnings (and an apology!) to everyone you've mailed since being infected.

Keep in mind that the person who sent this to you does not know that they have sent it to you. In fact they probably do not even know they have it themselves.

Please forward this information to everyone in your address book.

You can forward this page the following way:
1) Click on the File menu at the top of your browser.
2) Click Send from the menu that drops down.
3) From the pop-out menu select Link by E-mail.
That's it. Now all you have to do is select the people you want to send to and, presto, it will go to them.


How Do I Fix My Computer?
You can check your system for the worm/virus and remove it by using the following directions. You should probably print this page for easy reference.

Manual Removal of WScript/Kak.worm (KOGOU)
Boot into Safe Mode
1) Shut the computer down so the power is off.
2) Wait 20 seconds or so.
3) Turn the computer on and immediately begin pressing the F8 key on the keyboard once every second repeatedly. Do this until the Windows Startup Menu appears. If you get a keyboard error, press F1 to resume and then continue pressing the F8 key once every second.
4) Select option #3 (Safe Mode) from the Windows Startup Menu, then press the Enter key on the keyboard.
5) Windows will then boot into Safe Mode. NOTE: This may take longer than a normal boot.
6) At the end of the boot process a dialog box will appear informing you that Windows is in Safe Mode. Click OK on this dialog box.
7) Windows is now in Safe Mode.
Backup the Registry
IMPORTANT: Before beginning to manually remove KAK from your computer make sure to backup the Registry. This will safeguard your Windows installation. You can recover your Windows configuration by restoring the backup if an error occurs during the removal process.
1) Click on the Start button.
2) Click on Run.
3) Type REGEDIT in the Open field.
4) Click the OK button. The Registry Editor window will appear.
5) Click on the Registry pull-down menu.
6) Click on Export Registry File.
7) In the File Name field type "backup" (without the quotation marks).
8) In the Save In field be sure that the desktop is selected (if it is not, click on the pull down menu and select "Desktop").
9) Select "All" in the Export Range group box.
10) Click on the Save button. The registry will then be saved.
11) Click the X in the top right corner to close the Registry Editor.
NOTE: You now have a backup of your Registry saved as "backup" on your desktop. If you need to restore the Registry you can double-click on the "backup" file located on the desktop. Once these instructions are complete and everything is running properly be sure to delete this backup file by right-clicking on it then left-clicking on Delete from the pop-up menu that appears. This will ensure that the old registry is not accidentally restored once KAK has been removed.
Edit the Registry
1) Click on the Start button.
2) Click on Run.
3) Type in REGEDIT then click the OK button. The Registry Editor will then appear.
4) Double-click on the HKEY_LOCAL_MACHINE folder on the left side of the screen.
5) Double-click on Software.
6) Double-click on Microsoft.
7) Double-click on Windows.
8) Double-click on CurrentVersion.
9) Single-click on the Run folder so it is highlighted.
10) On the right side of the screen, under the Name column, locate cAgOu and single-click on it so it is highlighted.
11) Press the Delete key on the keyboard to remove this entry.
12) Close the Registry Editor by clicking the X in the top right corner.
Edit the AUTOEXEC.BAT File
1) Click on the Start button.
2) Click on Run.
3) Type in SYSEDIT then click the OK button.
4) The System Configuration Editor window will appear. The front window will be labeled C:\AUTOEXEC.BAT.
5) Delete the following lines, which are near the top of the C:\AUTOEXEC.BAT window, by highlighting the line and then pressing the Delete key on the keyboard:
C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
DEL C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
6) Close all open windows until you are back on the desktop. You will be asked if you wish to save changes. Answer Yes.
Remove the StartUp Folder Reference
1) Click on the Start button.
2) Highlight Settings.
3) Click on Taskbar & Start Menu. The Taskbar Properties dialog box will then appear.
4) Click on the Start Menu Programs tab.
5) Click on the Remove button. You will then see a list of folders and shortcuts.
6) Locate the StartUp folder and click on the plus sign (+) next to it.
7) Look for anything with KAK in the name. If you find something with KAK, single-click on it so it is highlighted then click the Remove button to delete it.
8) Click the Close button followed by the OK button.
Change the Folder View Options
(This is necessary to find the files in the 'Delete the KAK Related Files' section)
1) Double-click on the My Computer icon on the desktop.
2) Double-click on the C: drive.
3) Click on the View pull-down menu then click on Options (or Folder Options). The Folder Options dialog box will then appear.
4) Click on the View tab.
5) Select the 'Show all files' option.
6) Uncheck 'Hide file extensions for known file types'.
7) Click the Apply button followed by the OK button.
8) Close the remaining open windows until you are back on the desktop.
Delete the KAK Related Files
1) Click on the Start button.
2) Highlight Find then click on Files or Folders. The Find Files dialog box will then appear.
3) Make sure the (C:) drive is selected in the Look In field so the entire C: drive will be searched.
4) Type in KAK.HTM in the Named field then click the Find Now button.
5) The computer will then search the hard drive for the file. When the file is found it will be displayed towards the bottom of the dialog box.
6) If the file is found right-click on the icon located to the left of the file's name. A pop-up menu will appear.
7) Left-click on Delete. Answer Yes to any prompts asking if you are sure you would like to delete the file.
8) Now type in AE.KAK in the Named field then click the Find Now button.
9) The computer will then search the hard drive for the file. When the file is found it will be displayed towards the bottom of the dialog box.
10) If the file is found right-click on the icon located to the left of the file's name. A pop-up menu will appear.
11) Left-click on Delete. Answer Yes to any prompts asking if you are sure you would like to delete the file.
12) Now type in *.HTA in the Named field then click the Find Now button. The computer will then search the hard drive for all files that end with .HTA. Each file will be listed towards the bottom of the dialog box.
13) When the computer has finished searching delete each of the listed files by right-clicking on the icon to the left of the file's name, and then left-clicking on Delete from the pop-up menu that appears. Do this with each listed file until no files remain.
14) Once the files have been deleted click the X in the top right corner to close the Find Files dialog box.
15) Right-click on the Recycle Bin on the desktop. A pop-up menu will appear.
16) Left-click on Empty Recycle Bin. Answer Yes to any prompts asking if you are sure.
17) Restart the computer. It will automatically boot back into normal Windows.
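The artifacts the removal steps above look for, gathered into one read-only check (an added example, not part of the original page): it walks a drive or a mounted copy of it for the file names given on this page, flags AUTOEXEC.BAT lines that mention KAK.HTA, and looks for the cAgOu value in an exported registry file such as the "backup" file made earlier. The function names, the PLACEHOLDER.hta name and the sample data are constructed for illustration.

```python
import os
import tempfile

KAK_NAMES = {"kak.hta", "kak.htm", "ae.kak"}  # file names this page gives
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# Constructed REGEDIT4 export; the .hta name is a placeholder, the page gives none.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"cAgOu"="C:\\WINDOWS\\SYSTEM\\PLACEHOLDER.hta"
'''

def scan_tree(root):
    """Walk a drive or mounted copy; report Kak artifacts, ignoring name case."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path, low = os.path.join(folder, name), name.lower()
            if low in KAK_NAMES:
                findings.append(("kak-file", path))
            elif low.endswith(".hta"):  # any other .hta: list it for review
                findings.append(("hta-review", path))
            elif low == "autoexec.bat" and folder == root:
                with open(path, errors="replace") as fh:
                    findings += [("autoexec-line", f"{path}:{n}")
                                 for n, line in enumerate(fh, 1) if "kak.hta" in line.lower()]
    return sorted(findings)

def scan_reg_export(text):
    """Return the data of any cAgOu value under HKLM ...\\Run in an export."""
    hits, in_run = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY
        elif in_run and line.partition("=")[0].strip('"').lower() == "cagou":
            hits.append(line.partition("=")[2])
    return hits

def demo():  # scan a constructed tree that mimics an infected C: drive
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS", "SYSTEM"))
        bat = "@ECHO OFF\nDEL C:\\WINDOWS\\STARTM~1\\PROGRAMS\\STARTUP\\KAK.HTA\n"
        for rel in ("AUTOEXEC.BAT", "AE.KAK", "WINDOWS/KAK.HTM", "WINDOWS/SYSTEM/PLACEHOLDER.HTA"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(bat if rel == "AUTOEXEC.BAT" else "")
        return [(kind, os.path.relpath(p, root)) for kind, p in scan_tree(root)]

if __name__ == "__main__":
    print(demo(), scan_reg_export(SAMPLE_REG))
```

An empty result from both functions after the removal steps means none of the artifacts named on this page remain in the scanned tree or export.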
Prevent Future Infections of the KAK Worm
The KAK worm works by exploiting vulnerabilities in ActiveX controls. The vulnerabilities exploited by this worm have been addressed by Microsoft with a security patch. Installing this security patch will prevent the execution of this worm under default security settings. McAfee recommends applying this patch for all computers running Internet Explorer. Download this patch by going to http://www.microsoft.com/technet/security/bulletin/ms99-032.asp.
Thank You And good Luck!!