JS/KAK.Worm

Threat risk: Low

Detection files published: April 2000
Description created: 2000-04-25
Description updated: 2002-11-26

Malware type: Worm
Alias:
Spreading mechanism: Email

Payload:

Spreading description

Email characteristics:

Attachment: (none)

Kak is a worm that embeds itself in every email sent from the infected system, without using any attachment.
 

Removal

The removal of the worm has to be done semi-manually by performing these steps in this order:

    • Find and delete the following file C:\Windows\kak.htm
    • Find and delete the following file C:\Windows\System\(filename).hta where (filename) is a variable, and it changes from one system to another
    • Find and delete the following file C:\Windows\Start Menu\Programs\Startup\kak.hta
    • Find and delete the following file C:\Windows\Menu Demarrer\Programmes\Demarrage\kak.hta
    • Find and delete the following file C:\Autoexec.bat
    • Find and rename C:\AE.KAK to C:\autoexec.bat
    • Find and delete the following registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAg0u
    • Find and remove the value in the following registry entry HKEY_CURRENT_USER\Identities\Software\Microsoft\Outlook\Express\5.0\signatures\
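
The file checks from the steps above can be run against a mounted copy of the drive before anything is deleted. The following is an added example, not a Norman tool: the function names and the sample tree are constructed for illustration, and the two registry entries are not covered because they have to be checked on the system itself.

```python
import os
import tempfile

# File artifacts named in the removal steps, relative to the drive root.
# C:\Autoexec.bat is not listed: its presence alone does not indicate infection.
FIXED_ARTIFACTS = [
    r"Windows\kak.htm",
    r"Windows\Start Menu\Programs\Startup\kak.hta",
    r"Windows\Menu Demarrer\Programmes\Demarrage\kak.hta",
    r"AE.KAK",
]

def resolve_ci(root, rel_path):
    """Resolve a Windows-style path case-insensitively under root, or return None."""
    current = root
    for part in rel_path.split("\\"):
        try:
            entries = os.listdir(current)
        except OSError:
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def scan_for_kak(root):
    """Return the listed artifacts that exist, plus .hta files needing manual review."""
    found = [p for p in FIXED_ARTIFACTS if resolve_ci(root, p)]
    # The (filename).hta name varies per system, so every .hta in Windows\System is listed.
    review = []
    system_dir = resolve_ci(root, r"Windows\System")
    if system_dir and os.path.isdir(system_dir):
        review = sorted(f for f in os.listdir(system_dir) if f.lower().endswith(".hta"))
    return {"found": found, "review": review}

def build_sample_root():
    """Constructed sample tree standing in for a mounted C: drive."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "WINDOWS", "SYSTEM"))
    os.makedirs(os.path.join(root, "WINDOWS", "Start Menu", "Programs", "StartUp"))
    for rel in ("WINDOWS/KAK.HTM", "WINDOWS/SYSTEM/sample1.hta",
                "WINDOWS/Start Menu/Programs/StartUp/kak.hta", "ae.kak", "AUTOEXEC.BAT"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("constructed placeholder\n")
    return root

if __name__ == "__main__":
    print(scan_for_kak(build_sample_root()))
```

Names are matched case-insensitively because Windows 9x file names often appear in upper case when the volume is mounted on another operating system.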

Protection from Kak and similar malicious programs

This worm utilizes a vulnerability in Outlook Express. The same vulnerability is used by the VBS/Bubble.Worm.

Microsoft has released a patch that prevents exposure to this vulnerability.

General information about removal of malicious software

Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiently. We have therefore developed the free product Norman Malware Cleaner. If your Norman antivirus is unable to clean up the infection, please use the latest version of this program from the link below.
