Thread: kak.hta

It's a worm called Kak. I've had it before, it managed to infect the entire network. Now we have precautions!! (i.e. firewall/A-V). It attaches itself to e-mails, so anyone you have sent a mail to could be a potential victim. It also randomly appears to dissallow loading of windows on certain days. It pops up saying "Not today" or something like that then shuts down.

It's not particularly dangerous, just a pain in the arse. Get a A-V to clear it out. Make sure also to remove the signature section from Outlook.

I've had it too. I cleaned mine manually though. It's even nice enough to create a backup of the files it uses!
I got this off the net when I got it.

F-Secure Anti-Virus detects the worm. When the worm has been detected, the user should delete the following files, if they exist:


C:\Windows\kak.htm
C:\Windows\System\(filename).hta
where (filename) is a variable, and it changes from one system
to another


C:\Windows\Start Menu\Programs\Startup\kak.hta
[French only] C:\Windows\Menu Demarrer\Programmes\Demarrage\kak.hta

The "autoexec.bat" file can be restored by renaming "C:\AE.KAK" to "C:\autoexec.bat".

Kak uses a known security hole in Microsoft Outlook Express to create the local HTA file.

Mine was an unusual case, because I got infected twice, that complicated things a bit. But I'm clean now.
HTH

hmm, odd. I'm using VShield with definitions I downloaded ages ago, and it picked it up ages ago with the original virus dat files from over 1 year ago!

Because McAffee sucks monkey balls!

I got a program from a public FTP(which I never ran, thank God), which had a virus in it... I had the latest McAffee defs and it didn't say anything about it.... a friend with norton(which I am upgrading too as soon as I can afford the 2001 upgrade) got the file from me and it immediatly alerted him....

never trust McAffee...


But your case is wierd, because when I had kak.hta, McAffee with defs from february 2000 recognized it.

ah, I've got Norton firewall and together they do a good job.