I need help! I have Norton Anti-virus which is updated every two weeks. Had trouble with my computer, and even though the scan shows nothing, I found the following in my computer:
KAK.HTM - html file attached to startup menu
AE.KAK - in my c drive
I believe these are the KAK worms. I have these also in quarantine. Does anyone have info on a web site to fix the KAK?
I don't know what it does, but I am having terrible trouble with my computer.
posted on March 12, 2001 09:08:33 PM
Thank you for this info, I have been getting a driver error every time on startup and didn't have a clue what was wrong. I checked for this virus and found I had it!
Now I don't!!!
Once again....THANK YOU
posted on March 12, 2001 09:16:29 PM
Hi, all--Yes, the KAK WORM has come around again. Today I received a message (one of those "cute" things that one of my women friends likes to spam at all her friends), and right after that we had the Norton warning. Scared me because my husband wasn't home to walk me through it. Persistent little bug, eh? Whoever started that virus has earned MASSIVE HONKING BAD KARMA. -- Adele
posted on March 12, 2001 10:26:23 PM
Manual Removal of WScript/Kak.worm (KOGOU)
Boot into Safe Mode
1. Shut the computer down so the power is off.
2. Wait 20 seconds or so.
3. Turn the computer on and immediately begin pressing the F8 key on the keyboard once every second repeatedly. Do this until the Windows Startup Menu appears. If you get a keyboard error, press F1 to resume and then continue pressing the F8 key once every second.
4. Select option #3 (Safe Mode) from the Windows Startup Menu, then press the Enter key on the keyboard.
5. Windows will then boot into Safe Mode. NOTE: This may take longer than a normal boot.
6. At the end of the boot process a dialog box will appear informing you that Windows is in Safe Mode. Click OK on this dialog box.
7. Windows is now in Safe Mode.
Backup the Registry
IMPORTANT: Before beginning to manually remove KAK from your computer make sure to backup the Registry. This will safeguard your Windows installation. You can recover your Windows configuration by restoring the backup if an error occurs during the removal process.
1. Click on the Start button.
2. Click on Run.
3. Type REGEDIT in the Open field.
4. Click the OK button. The Registry Editor window will appear.
5. Click on the Registry pull-down menu.
6. Click on Export Registry File.
7. In the File Name field type "backup" (without the quotation marks).
8. In the Save In field be sure that the desktop is selected (if it is not, click on the pull down menu and select "Desktop").
9. Select "All" in the Export Range group box.
10. Click on the Save button. The registry will then be saved.
11. Click the X in the top right corner to close the Registry Editor.
NOTE: You now have a backup of your Registry saved as "backup" on your desktop. If you need to restore the Registry you can double-click on the "backup" file located on the desktop. Once these instructions are complete and everything is running properly be sure to delete this backup file by right-clicking on it then left-clicking on Delete from the pop-up menu that appears. This will ensure that the old registry is not accidentally restored once KAK has been removed.
Edit the Registry
1. Click on the Start button.
2. Click on Run.
3. Type in REGEDIT then click the OK button. The Registry Editor will then appear.
4. Double-click on the HKEY_LOCAL_MACHINE folder on the left side of the screen.
5. Double-click on Software.
6. Double-click on Microsoft.
7. Double-click on Windows.
8. Double-click on CurrentVersion.
9. Single-click on the Run folder so it is highlighted.
10. On the right side of the screen, under the Name column, locate cAg0u and single-click on it so it is highlighted.
11. Press the Delete key on the keyboard to remove this entry.
NOTE: If you do not find the cAg0u entry in this location then you can do a search for it and remove it. To search for the value click on My Computer at the top of the registry, then click on Edit and Find. In the Find What field type: cAg0u (the 0 is the number zero) and click Find Next. Delete any entries that it finds.
12. Close the Registry Editor by clicking the X in the top right corner.
Edit the AUTOEXEC.BAT File
1. Click on the Start button.
2. Click on Run.
3. Type in SYSEDIT then click the OK button.
4. The System Configuration Editor window will appear. The front window will be labeled C:\AUTOEXEC.BAT.
5. Delete the following lines, which are found in the C:\AUTOEXEC.BAT window, by highlighting the line and then pressing the Delete key on the keyboard:
C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
DEL C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
NOTE: These lines may begin with @ECHO OFF or something similar. It is okay to delete the entire line. You may also need to move the scroll bar down to see the lines.
6. Close all open windows until you are back on the desktop. You will be asked if you wish to save changes. Answer Yes.
Change the Folder View Options
(This is necessary to find the files in the 'Delete the KAK Related Files' section)
1. Double-click on the My Computer icon on the desktop.
2. Double-click on the C: drive.
3. Click on the View pull-down menu then click on Options (or Folder Options). The Folder Options dialog box will then appear.
4. Click on the View tab.
5. Select the 'Show all files' option.
6. Uncheck 'Hide file extensions for known file types'.
7. Click the Apply button followed by the OK button.
8. Close the remaining open windows until you are back on the desktop.
Remove the StartUp Folder Reference
1. Click on the Start button.
2. Highlight Settings.
3. Click on Taskbar & Start Menu. The Taskbar Properties dialog box will then appear.
4. Click on the Start Menu Programs tab.
5. Click on the Remove button. You will then see a list of folders and shortcuts.
6. Locate the StartUp folder and click on the plus sign (+) next to it.
7. Look for anything with KAK in the name. If you find something with KAK, single-click on it so it is highlighted then click the Remove button to delete it.
8. Click the Close button followed by the OK button.
Delete the KAK Related Files
1. Click on the Start button.
2. Highlight Find then click on Files or Folders. The Find Files dialog box will then appear.
3. Make sure the (C:) drive is selected in the Look In field so the entire C: drive will be searched.
4. Type kak.* in the Named field then click the Find Now button.
5. The computer will then search the hard drive for the files. When the files are found they will be displayed towards the bottom of the dialog box.
6. If the files are found hold down the ctrl button and press the letter "a" to highlight the files. Once the files are highlighted press the Delete key on your keyboard. Answer Yes to any prompts asking if you are sure you would like to delete the files.
7. Type *.kak in the Named field then click the Find Now button.
8. The computer will then search the hard drive for the files. When the files are found they will be displayed towards the bottom of the dialog box.
9. If the files are found hold down the ctrl button and press the letter "a" to highlight the files. Once the files are highlighted press the Delete key on your keyboard. Answer Yes to any prompts asking if you are sure you would like to delete the files.
10. Type *.hta in the Named field then click the Find Now button.
11. The computer will then search the hard drive for the files. When the files are found they will be displayed towards the bottom of the dialog box.
12. If the files are found hold down the ctrl button and press the letter "a" to highlight the files. Once the files are highlighted press the Delete key on your keyboard. Answer Yes to any prompts asking if you are sure you would like to delete the files.
13. Once the files have been deleted click the X in the top right corner to close the Find Files dialog box.
14. Right-click on the Recycle Bin on the desktop. A pop-up menu will appear.
15. Left-click on Empty Recycle Bin. Answer Yes to any prompts asking if you are sure.
16. Restart the computer. It will automatically boot back into normal Windows.
Correcting the Infected Outlook Signature
1. Click on the Start Button.
2. Highlight Programs.
3. Click on Outlook Express (or other Outlook Program). If your computer tries to connect to the Internet cancel the connection.
4. In Outlook Express, click on the Tools pull-down menu then click on Options.
5. Click on the Signatures tab.
6. At the bottom of the box under "Edit Signature" in the "File" field look for the reference: C:\Windows\KAK.HTM. If it is there then highlight the "Default Signature" in the "Signatures" box.
7. Click on the remove button.
8. Click on the Apply button followed by the OK button.
9. Exit Outlook Express.
You are now clean from the KAK worm.
Prevent Future Infections of the KAK Worm
The KAK worm works by exploiting vulnerabilities in ActiveX controls. The vulnerabilities exploited by this worm have been addressed by Microsoft with a security patch. Installing this security patch will prevent the execution of this worm under default security settings. McAfee recommends applying this patch for all computers running Internet Explorer. Download this patch by going to http://www.microsoft.com/technet/security/bulletin/ms99-032.asp.
posted on March 12, 2001 11:42:07 PM
When KAK first was an issue, I realized it was difficult to track down and remove. I wrote a free piece of software for its removal. It even gets rid of any corrupted signature files.
You can DL it from my website. It's called CHECK4KAK and is in the anti-virus section of the software page.
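
The indicators named in the manual removal steps earlier in this thread (the cAg0u Run value, the KAK.HTA lines in AUTOEXEC.BAT, and the kak.*, *.kak and *.hta file searches) can be checked read-only before anything is deleted. This is an added example, not code from any poster and not the CHECK4KAK tool; it assumes the registry was exported as a REGEDIT4 text file as in the backup step, and the function names and sample data are constructed for illustration.

```python
import fnmatch
import re

# Indicators named in the thread's removal steps.
RUN_VALUE = "cag0u"                          # Run value name; the 0 is a digit
AUTOEXEC_MARKER = "kak.hta"                  # path referenced in C:\AUTOEXEC.BAT
FILE_PATTERNS = ("kak.*", "*.kak", "*.hta")  # *.hta matches any HTML application

def scan_reg_export(text):
    """Return (key, value_name) for each cAg0u value in a REGEDIT4 export."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                 # remember the key we are inside
            continue
        m = re.match(r'"([^"]*)"=', line)
        if m and m.group(1).lower() == RUN_VALUE:
            hits.append((key, m.group(1)))
    return hits

def scan_autoexec(text):
    """Return 1-based numbers of AUTOEXEC.BAT lines that mention KAK.HTA."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if AUTOEXEC_MARKER in line.lower()]

def scan_filenames(paths):
    """Return paths whose file name matches one of the Find Files patterns."""
    def name(p):
        return p.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return [p for p in paths
            if any(fnmatch.fnmatchcase(name(p), pat) for pat in FILE_PATTERNS)]

# Constructed sample inputs; the cAg0u data is a placeholder, not a real value.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"cAg0u"="PLACEHOLDER"
'''
SAMPLE_AUTOEXEC = r'''@ECHO OFF
SET PATH=C:\WINDOWS
C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
DEL C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
'''
SAMPLE_FILES = [r"C:\WINDOWS\KAK.HTM", r"C:\AE.KAK", r"C:\WINDOWS\WIN.INI"]

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG))
    print(scan_autoexec(SAMPLE_AUTOEXEC))
    print(scan_filenames(SAMPLE_FILES))
```

Because the registry scan walks every key in the export, it also covers the case in the NOTE where the value sits somewhere other than the Run key.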