I am infected with kak.hta!
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: I am infected with kak.hta!

  1. #1
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724

    Exclamation I am infected with kak.hta!

    This computer that I am at, started up this morning, and in the start up was a file I have never seen before. Kak.hta.I did a search on it, and it turns out that it was infact a worm.The Wscript KAK Worm is a worm/virus that attacks systems using Outlook Express.It uses a known security vulnerability to attach itself to every email sent from an infected system.

    So....I have Norton AntiVirus 2000, I am not so sure when it was updated cause I dont live at the office. Although it seems that way sometimes...Windows 98 platform.....uhmm.....I am also on a large network, i don't know if the previous tech sent any emails via outlook express to other techs but I'll check the Sent Box.

    Please Help with a link to a patch and info on fixing it.


    Thank you.

    P.S> I am running a Virus Scan right now...
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  2. #2
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    well, if it is in your workplace, i guess its your Network/System Administrator's job.
    go tell them and they'll fix it.. thats what they're gettin paid for.

  3. #3
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    Thanx any ways...i fixed it already.....
    I was BEING A-m-b-i-t-o-u-s......lol
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  4. #4
    AO Soccer Mom debwalin's Avatar
    Join Date
    Mar 2002
    Posts
    2,185
    A-M-B-I-T-I-O-U-S maybe?
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  5. #5
    TechieChick
    Guest
    Dr Toker, make certain you boot to a 98 floppy and fdisk /mbr as kak is memory resident.

    TC

  6. #6
    Senior Member
    Join Date
    Jul 2001
    Posts
    138
    Actually, the KAK worm is easy to get rid of manually (without using your AV software.) Our campus got infected with it last year, and I had to manually remove it from several computers.

    Happy Hacking
    -----------------------------------------------------
    Warfare is the Way of deception.
    -Sun Tzu \"The Art of War\"

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    Here is a link to the virus information. That document also contains a Removal Tool, and the patch for Outlook. Hope that helps!

    http://service1.symantec.com/SARC/sa...t.KakWorm.html
    An Ounce of Prevention is Worth a Pound of Cure...
     

  8. #8
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    Actually I checked, and it was only in the startup...wasnt in the autoexec, or the registry....at least in the space traditionaly used. Should I be worried it was only found in one place...i mean does that mean it was WELL hidden, or that it hadnt been executed yet?
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  9. #9
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    I'd go use that removal tool, and then install the Outlook patch just to be safe. Then while you're at it go use Windows Update and install all the security patches that you may not have installed yet. As my signature says.......
    An Ounce of Prevention is Worth a Pound of Cure...
     

  10. #10
    Senior Member
    Join Date
    Jul 2001
    Posts
    138
    if you do a "dir /w/p/ah *.kak" and "dir/w/p/ah *.hta" in your c:\windows\system\command directory, and don't see anything, you should be okay. if you do see something, you should do an "attrib -h <filename>" where <filename> is the name of the file you saw, then delete it.

    Happy Hacking
    -----------------------------------------------------
    Warfare is the Way of deception.
    -Sun Tzu \"The Art of War\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •