ES - more info on Kak virus

Adam Harrison hookshot at star-telegram.com
Mon Mar 27 11:22:39 PST 2000


Here's a little more info on kak.  Apparently I was wrong about the autoexec
and ae.kak thing, but for some reason it did work for me...

-Bjorn



Subject: [bfg-list] Kak virus...final note


> Okay everyone, to kill the dead horse again, I did some last looking and
> here are the problems with your system if you have been infected with the
> kak virus (basically this is the Virus Encyclopaedia website simplified):
>
> 1)    C:\Windows\STARTM~1\Programs\StartUp\kak.hta
>
> *This is where it all begins, if you can get rid of this before you restart,
> you're fine.  If you don't, then #2 occurs.
>
> 2)    autoexec.bat command line error:
>
> @echo off> C:\C:\Windows\STARTM~1\Programs\StartUp\kak.hta
> del C:\Windows\STARTM~1\Programs\StartUp\kak.hta
>
> *This happens on the first startup after being infected.  It runs kak.hta,
> causing #3 and #4 to happen, then it deletes itself and reruns itself to
> keep from being detected.
>
> 3)    Registry error HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAg0u
>
> *This is the registry error that allows #4 to run.
>
> 4)    File C:\AE.KAK
>
> *This file is the file that the registry error directs to, when the kak
> virus runs it replaces autoexec.bat with ae.kak; this is the origin of the
> registry error.
>
> 5)    File C:\Windows\kak.htm
>
> *THIS is the agent that infects other computers, it is the signature tag
> that spreads the virus.
>
> These are the five problems associated with the kak virus.  Please remember:
> run the Microsoft security patch BEFORE you begin decontamination, and
> please post in plain text ONLY until you are certain that every one of these
> problems is eliminated one by one.
>
> Thanks
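
As an added example (not part of the original post), the five items listed above can be checked against a mounted copy of the drive plus a text export of the registry. The function names, the `Start Menu` long-name alternative for `STARTM~1`, and the sample tree and export are assumptions constructed for illustration.

```python
import os, re, tempfile
from pathlib import Path

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
FILES = {1: [r"Windows\STARTM~1\Programs\StartUp\kak.hta",
             r"Windows\Start Menu\Programs\StartUp\kak.hta"],  # assumed long name
         4: ["AE.KAK"], 5: [r"Windows\kak.htm"]}

def find_ci(root, rel):
    """Resolve a backslash-separated path under root, ignoring case; None if absent."""
    cur = root
    for part in rel.split("\\"):
        names = os.listdir(cur) if os.path.isdir(cur) else []
        cur = next((os.path.join(cur, n) for n in names if n.lower() == part.lower()), None)
        if cur is None:
            return None
    return cur

def run_values(reg_text):
    """Lower-cased value names under the Run key of a REGEDIT4-style text export."""
    names, in_key = set(), False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            in_key = line.strip("[]").lower() == RUN_KEY.lower()
        elif in_key and (m := re.match(r'"([^"]+)"=', line)):
            names.add(m.group(1).lower())
    return names

def scan_kak(root, reg_text=""):
    """Return the item numbers (1-5, as numbered in the post) found under root."""
    hits = {n for n, rels in FILES.items() if any(find_ci(root, r) for r in rels)}
    bat = find_ci(root, "autoexec.bat")
    if bat and "kak.hta" in Path(bat).read_text(errors="replace").lower():
        hits.add(2)  # autoexec.bat still references kak.hta
    if "cag0u" in run_values(reg_text):
        hits.add(3)  # Run value named in the post
    return sorted(hits)

def demo():
    """Scan a constructed tree holding items 1, 2 and 4, with a constructed export for 3."""
    with tempfile.TemporaryDirectory() as root:
        start = Path(root, "WINDOWS", "Start Menu", "Programs", "StartUp")
        start.mkdir(parents=True)
        (start / "kak.hta").write_text("constructed")
        Path(root, "AE.KAK").write_text("constructed")
        Path(root, "AUTOEXEC.BAT").write_text("@echo off\ndel C:\\Windows\\STARTM~1\\Programs\\StartUp\\kak.hta\n")
        return scan_kak(root, f'REGEDIT4\n[{RUN_KEY}]\n"cAg0u"="constructed"\n')

if __name__ == "__main__":
    print(demo())
```

An item number missing from the result means that artifact was not found, so an empty list corresponds to all five problems being eliminated.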

