
[RT] KAK VIRUS





I got infected by the virus.  If anyone else gets infected, I found the following at Computer Associates:

http://www.cai.com/virusinfo/encyclopedia/descriptions/kakb.htm

Kak.B

Kak.B is an Outlook e-mail worm that exploits a security hole in Internet Explorer 5. This variant is functionally identical to the .A variant but it does have the following minor differences:

  - The file dropped in the startup folder is named "day.hta", not "kak.hta" as in the .A variant.
  - The file set as the Outlook Express signature is C:\windows\day.htm instead of C:\windows\kak.htm.
  - This variant also exploits the "Scriptlet.TypeLib" vulnerability described in detail for the .A variant.

Cleaning:

By downloading and installing the latest updates, your computer will be protected. However, you should still download the software patch mentioned in step 6.

If your computer is already infected, use the following steps to clear the virus:

  1. Click here (http://www.cai.com/virusinfo/encyclopedia/descriptions/reg/kakafix.inf) to download a file called kakafix.inf (also works for Kak.b). Save the file to your desktop and then right-click on the file and choose "Install" to run it. This file will reset the registry entry for Kak so that it will not be loaded when you next reboot your computer.
  2. Edit autoexec.bat by using Notepad or by selecting Start | Run and entering sysedit, then clicking on the OK button. Once the autoexec.bat file is opened for editing, remove the following two lines:

       @echo off> C:\Windows\STARTM~1\Programs\StartUp\day.hta
       del C:\Windows\STARTM~1\Programs\StartUp\day.hta

  3. Remove the Kak file from the startup group. To do this, right-click on the Start button, select Open | Programs | Start Up. Next, right-click on the Kak file and select the Delete option.
  4. Open your e-mail client, select Tools | Option | Signature and remove your default signature file.
  5. Check that you have the latest anti-virus update installed. If it is not the latest, then download the latest version and install it on your machine.
  6. Download and install the eyedog patch which is available from Microsoft at http://www.microsoft.com/technet/security/bulletin/ms99-032.asp
  7. Set the Security settings in Internet Explorer to disable ActiveX support. The easiest way to do this is to set the security level to Medium or High. To make this change, click on the Tools menu option and select Internet Options. Click on the Security tab, then select the Internet icon at the top of the window. Alter the security settings in the lower section of the window. You can make the same change by clicking on Start | Settings | Control Panel and choosing Internet Options from there.
  8. Delete day.htm from the Windows folder and <name>.hta from the Windows system folder; <name> is an eight character string representing a hexadecimal number (that is, it consists of some combination of the characters 0-9 and A-F). There could be more than one of these files and each should be around 4 kilobytes in size. All of these files should be deleted.
  9. Delete ALL e-mail messages infected with the Kak.B worm (these will display an ActiveX warning).
  10. Close any applications that are open and reboot your computer.
  11. Scan all files on your machine with your up-to-date antivirus software.
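
The file and autoexec.bat leftovers named in the cleaning steps can be checked for on a drive or mounted disk image with a short script. This is an added example, not part of the original post or the Computer Associates text; the function names, the "system" subfolder location, the 2 to 8 KB size window and the sample tree are assumptions.

```python
import re
import tempfile
from pathlib import Path

HEX_HTA = re.compile(r"^[0-9a-f]{8}\.hta$", re.I)
SIZE_RANGE = range(2048, 8193)  # "around 4 kilobytes"; exact window is an assumption

def child(parent, name):
    """Case-insensitive lookup of one directory entry; None if absent."""
    if parent is None or not parent.is_dir():
        return None
    return next((p for p in parent.iterdir() if p.name.lower() == name.lower()), None)

def find_kak_b_artifacts(drive_root):
    """Return (kind, location) pairs for the Kak.B leftovers the steps name."""
    root, found = Path(drive_root), []
    windows = child(root, "windows")
    if child(windows, "day.htm"):
        found.append(("signature_file", str(child(windows, "day.htm"))))
    for menu in ("STARTM~1", "Start Menu"):  # 8.3 name from the page, and its long form
        hta = child(child(child(child(windows, menu), "Programs"), "StartUp"), "day.hta")
        if hta:
            found.append(("startup_hta", str(hta)))
    system = child(windows, "system")  # assumed location of the "Windows system folder"
    for p in sorted(system.iterdir()) if system else []:
        if HEX_HTA.match(p.name) and p.stat().st_size in SIZE_RANGE:
            found.append(("system_hta", str(p)))
    autoexec = child(root, "autoexec.bat")
    lines = autoexec.read_text(errors="replace").splitlines() if autoexec else []
    for n, line in enumerate(lines, 1):
        if "day.hta" in line.lower():
            found.append(("autoexec_line", "%s:%d" % (autoexec, n)))
    return found

def build_sample_tree(base):  # constructed sample layout, filler bytes only
    win = Path(base) / "WINDOWS"
    startup = win / "Start Menu" / "Programs" / "StartUp"
    startup.mkdir(parents=True)
    (win / "SYSTEM").mkdir()
    for f in (win / "day.htm", startup / "day.hta"):
        f.write_bytes(b"x")
    (win / "SYSTEM" / "3F2A9C0B.hta").write_bytes(b"x" * 4096)
    (win / "SYSTEM" / "README12.hta").write_bytes(b"x" * 4096)  # name is not hexadecimal
    (Path(base) / "AUTOEXEC.BAT").write_text("del C:\\Windows\\STARTM~1\\Programs\\StartUp\\day.hta\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for kind, where in find_kak_b_artifacts(build_sample_tree(d)):
            print(kind, where)
```

The script only reports what it finds; an empty result after the steps above and a reboot indicates the listed files and autoexec.bat lines are gone.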





