-
March 12th, 2002, 02:24 PM
#1
I am infected with kak.hta!
This computer that I am at, started up this morning, and in the start up was a file I have never seen before. Kak.hta.I did a search on it, and it turns out that it was infact a worm.The Wscript KAK Worm is a worm/virus that attacks systems using Outlook Express.It uses a known security vulnerability to attach itself to every email sent from an infected system.
So....I have Norton AntiVirus 2000, I am not so sure when it was updated cause I dont live at the office. Although it seems that way sometimes...Windows 98 platform.....uhmm.....I am also on a large network, i don't know if the previous tech sent any emails via outlook express to other techs but I'll check the Sent Box.
Please Help with a link to a patch and info on fixing it.
Thank you.
P.S> I am running a Virus Scan right now...
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
-
March 12th, 2002, 02:55 PM
#2
well, if it is in your workplace, i guess its your Network/System Administrator's job.
go tell them and they'll fix it.. thats what they're gettin paid for.
-
March 12th, 2002, 03:11 PM
#3
Thanx any ways...i fixed it already.....
I was BEING A-m-b-i-t-o-u-s......lol
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
-
March 12th, 2002, 03:22 PM
#4
A-M-B-I-T-I-O-U-S maybe?
Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.
-
March 12th, 2002, 04:39 PM
#5
Dr Toker, make certain you boot to a 98 floppy and fdisk /mbr as kak is memory resident.
TC
-
March 12th, 2002, 04:50 PM
#6
Senior Member
Actually, the KAK worm is easy to get rid of manually (without using your AV software.) Our campus got infected with it last year, and I had to manually remove it from several computers.
Happy Hacking
-----------------------------------------------------
Warfare is the Way of deception.
-Sun Tzu \"The Art of War\"
-
March 12th, 2002, 05:05 PM
#7
Here is a link to the virus information. That document also contains a Removal Tool, and the patch for Outlook. Hope that helps!
http://service1.symantec.com/SARC/sa...t.KakWorm.html
An Ounce of Prevention is Worth a Pound of Cure...
-
March 12th, 2002, 05:07 PM
#8
Actually I checked, and it was only in the startup...wasnt in the autoexec, or the registry....at least in the space traditionaly used. Should I be worried it was only found in one place...i mean does that mean it was WELL hidden, or that it hadnt been executed yet?
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
-
March 12th, 2002, 05:11 PM
#9
I'd go use that removal tool, and then install the Outlook patch just to be safe. Then while you're at it go use Windows Update and install all the security patches that you may not have installed yet. As my signature says.......
An Ounce of Prevention is Worth a Pound of Cure...
-
March 12th, 2002, 05:12 PM
#10
Senior Member
if you do a "dir /w/p/ah *.kak" and "dir/w/p/ah *.hta" in your c:\windows\system\command directory, and don't see anything, you should be okay. if you do see something, you should do an "attrib -h <filename>" where <filename> is the name of the file you saw, then delete it.
Happy Hacking
-----------------------------------------------------
Warfare is the Way of deception.
-Sun Tzu \"The Art of War\"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|