ES - more info on Kak virus
Adam Harrison
hookshot at star-telegram.com
Mon Mar 27 11:22:39 PST 2000
Here's a little more info on kak. Apparently I was wrong about the autoexec
and ae.kak thing, but for some reason it did work for me...
-Bjorn
Subject: [bfg-list] Kak virus...final note
> Okay everyone, to kill the dead horse again, I did some last looking and
> here are the problems with your system if you have been infected with the
> kak virus (basically this is the Virus Encyclopaedia website simplified):
>
> 1) C:\Windows\STARTM~1\Programs\StartUp\kak.hta
>
> *This is where it all begins, if you can get rid of this before you restart,
> you're fine. If you don't, then #2 occurs.
>
> 2) autoexec.bat command line error:
>
> @echo off> C:\C:\Windows\STARTM~1\Programs\StartUp\kak.hta
> del C:\Windows\STARTM~1\Programs\StartUp\kak.hta
>
> *This happens on the first startup after being infected. It runs kak.hta,
> causing #3 and #4 to happen, then it deletes itself and reruns itself to
> keep from being detected.
>
> 3) Registry error HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAg0u
>
> *This is the registry error that allows #4 to run.
>
> 4) File C:\AE.KAK
>
> *This file is the file that the registry error directs to, when the kak
> virus runs it replaces autoexec.bat with ae.kak; this is the origin of the
> registry error.
>
> 5) File C:\Windows\kak.htm
>
> *THIS is the agent that infects other computers, it is the signature tag
> that spreads the virus.
>
> These are the five problems associated with the kak virus. Please remember:
> run the Microsoft security patch BEFORE you begin decontamination, and
> please post in plain text ONLY until you are certain that every one of these
> problems is eliminated one by one.
>
> Thanks
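
The five items in the quoted message can be checked off against a file listing, the text of autoexec.bat, and a regedit export of the machine. The following is an added example, not part of the original posts; the function names, the sample data, and the treatment of "Start Menu" as the long name of STARTM~1 are assumptions.

```python
import re

# Indicators taken from the quoted message (items 1, 4 and 5 are files).
FILE_INDICATORS = {
    1: r"C:\Windows\STARTM~1\Programs\StartUp\kak.hta",
    4: r"C:\AE.KAK",
    5: r"C:\Windows\kak.htm",
}
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "cAg0u"

def norm(path):
    # FAT paths are case-insensitive; treat the long name "Start Menu" and
    # its 8.3 alias STARTM~1 as the same directory (assumption).
    return path.strip().lower().replace("start menu", "startm~1")

def run_values(reg_text):
    """Return the value names listed under the Run key in a regedit export."""
    names, in_run = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY.lower()
        elif in_run:
            m = re.match(r'"([^"]+)"=', line)
            if m:
                names.append(m.group(1))
    return names

def triage(file_listing, autoexec_text, reg_text):
    """Return the sorted item numbers (1-5, as in the message) found present."""
    present = {norm(p) for p in file_listing}
    hits = {n for n, p in FILE_INDICATORS.items() if norm(p) in present}
    if any("kak.hta" in l.lower() for l in autoexec_text.splitlines()):
        hits.add(2)
    names = [n.lower() for n in run_values(reg_text)]  # value names ignore case
    if RUN_VALUE.lower() in names:
        hits.add(3)
    return sorted(hits)

# Constructed sample data, not taken from a real machine.
SAMPLE_FILES = [r"c:\windows\Start Menu\Programs\StartUp\KAK.HTA", r"C:\ae.kak"]
SAMPLE_AUTOEXEC = "@echo off\ndel C:\\Windows\\STARTM~1\\Programs\\StartUp\\kak.hta\n"
SAMPLE_REG = (
    "REGEDIT4\n\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"SystemTray"="SysTray.Exe"\n"cAg0u"="<placeholder>"\n'
)
```

Calling triage(SAMPLE_FILES, SAMPLE_AUTOEXEC, SAMPLE_REG) reports items 1 through 4 for the constructed sample; item 5 is absent from its file listing.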