Kak virus

Question

Someone inadvertantly sent me an email with a virus attached, I am pretty sure I have got rid of it by running my Norton virus programme (it found 2 viruses called kak something). However every hour or so I get an outlook connect screen apprearing (which is what happened when I got the virus), this screen is in very bold type face and is not the usual screen, it also comes on when the machine is first switched on. I think I have got rid of the virus but how do I stop this connect screen from appearing at random??

thanks you for your help I am really stuck and have no one to ask DIANA

Answer

This question was answered on February 7, 2001. Much of the information contained herein may have changed since posting.

To completely get rid of the kak virus follow these steps:

--Click start, find, files and folders, type in the named: *.hta (star, dot, hta) and make sure you are looking in the c: drive, find now Delete any instances you find.

--Once again in find files and folders type in the named: *.kak (star, dot, kak) and look in c: drive, find now Rename the c:\AE.kak file to c:\autoexec.bat and delete all other instances you find.

And again in the find files and folders type in the named: kak.htm and look in c: drive, find now Delete any instances you find.

Next, click start, run, type in regedit and click OK That will bring up the system registry editor On the left hand side locate HKEY_LOCAL_MACHINE and click the plus sign next to it, then down to SOFTWARE and click the plus sign next to it, then down to Microsoft and click the plus sign, then CurrentVersion click the plus sign next to it, then Run click the folder to open it and display its contents on the right Remove the line that mentions cAg0u by hiliting it and right clicking it then go to delete Click 'file', 'save' and close the registry editor The entire string for that is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\cAg0u

--Reboot the computer, start, shut down, restart the computer.

The article about the KAK worm at microsoft: http://www.microsoft.com/Security/Bulletins/MS99-0 32faq.asp

They also have a patch to fix this problem at: http://www.microsoft.com/security/Bulletins/ms99-0 32.asp

The patch is for the security hole in outlook express so you don't necessarily need it if you aren't running outlook Good luck and let me know if you need further assistance!

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on February 7, 2001