If you can help you're a tech god! Getting rid of KAK worm!

cadmancan

IS-IT--Management
Feb 12, 2003
72
US
-Have Windows 98 SE
-Have KAK worm (kak.hta)
-(anyone not familiar go to vil.nai.com, not www)
-downloaded patch from Microsoft for that particular virus (both Norton & McAfee said to)
-referred to a fixkak.exe; got an error executing program or it said there was no infection
-keeps loading program in startup folder no matter if I delete, rename or place in disable startup.
-can't delete startup even if no program is in folder.
-ran Ad-Aware, Spybot Search & Destroy and Norton w/ latest virus definitions.
-went and edited registry under signatures and deleted all instances of KAK.
-deleted the AE.KAK
-disabled Active Scripting in Internet Options-->Security-->Restricted Sites-->Custom Level (this is one way it propagates)
-nothing seems to work

Followed instructions to a T and nothing seems to work. Thanks
 
Wow! You just mentioned about any fix I would have recommended - except for one ;-)

Do you know Knoppix? It's sort of a bootable Linux CD. I.e. you have a complete OS on CD. Try to get that at your disposal (I just got one together with a PC mag).

Boot from this CD, then try to disinfect again. Obviously the virus is located in a system file which is active during runtime and can therefore not be deleted/renamed/disinfected.

Another possibility is a clean bootable disinfect disk. Have one of your pals create one from a clean machine and boot from that disk.

Hope any of the above apply
Good luck,
Andy

Andreas Galambos
EDP / Technical Support Specialist
(andreas.galambos@bowneglobal.de)
HP:
 
I read about Knoppix from official website. Other than what I read I know little about Linux so if you could answer some things for me about this.
-I boot up from CD using this disk (knoppix)
-I can only assume it will prompt me to install, which at least for this system I DON'T WANT to do. How will I be able to access the Win98 portion to run Norton or any of the other programs?
-I hadn't thought of making a boot disk from another clean Win 98 box. Thanks
 
That's the point cadmancan:
You don't need to install anything, just let Knoppix start :)
It's a full stand-alone Operating system of its own, based on Linux. Just boot it from CD. When up, browse through your system folders and just start your Norton...

I have seen this thing in action, else I wouldn't believe it. One of my colleagues messed up his notebook with an update installation of Win XP pro. However his Norton AV was still running and it made the install crash. After that, he had neither system to boot!
He finally booted up with Knoppix and - voilà. No autostarted process that could block anything.
Set-Up a so-called Samba client so he could fake a network login to get into internet... all without booting one single windows dll.

 
Thanks for the elaboration on Knoppix.
Just to let mattjurado know, I did try in safe mode and was unsuccessful.

Thanks, got both pieces of advice. I am always open to more
 
Would you try AVG from ? It is free and is known to find viruses Norton and NAI skip.
It does not cost a thing to try.

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
 
Well friends nothing has worked. I did everything that was suggested and as far as all these virus programs are concerned there is no virus but I know there is.

At startup a blank large dialogue box (white background) comes up and shows the path C:\Windows\Programs\Startup\KAK.HTA.
If I close it it ALWAYS comes back up on next reboot
If I uncheck it from msconfig it always comes back up on next reboot

Please help further if you can
 
I think you've tried all that, but that's all the info I could find.

Jim

 
Not knowing too much about the KAK worm, or if any of this will help;
That "white background" dialog box is indicative of Active Desktop, which itself relies on the Windows Update component. (maybe you can track down prob this way)

Look for invalid Load= and Run= entries in Win.ini under Msconfig, look also in the
[programs] section of win.ini.

Also examine all other msconfig tabs

Consider deleting your rb00#.cab files (Registry restore/backup) in the C:\windows\sysbackup dir., as Win won't allow most scanners to change anything in there...(only do this if you are sure you won't need the Scanreg /restore command to save you, however, it also may reinfect you)

The process below may keep reinfecting you, if you're not sure..
Copy only all your stuff you want to keep (the ones you're sure aren't infected), from the C:\Windows\Programs (Weird directory, Not Normal Win Dir.) folder to a diff created folder and try to boot to a command prompt and deltree C:\Windows\Programs...then re-create the dir in Windows and move stuff back in, if the prob is solved..

TT4U

Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
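
Added example, not part of any post in this thread: a Python sketch for auditing the autostart locations named above (non-empty Load=/Run= lines and the [programs] section of win.ini, plus script files in a Startup folder), for instance against a Windows drive mounted from a clean boot CD. The sample win.ini, the file names and the extension list are constructed assumptions.

```python
import os
import tempfile

# Constructed sample win.ini, not taken from the thread.
SAMPLE_WIN_INI = """\
[windows]
load=
run=C:\\WINDOWS\\example.hta
NullPort=None

[programs]
hta=C:\\WINDOWS\\SYSTEM\\mshta.exe
"""
# Script-host extensions to flag (an assumption; the thread names only .hta).
SCRIPT_EXTS = (".hta", ".vbs", ".js")

def audit_win_ini(text):
    """Return (section, key, value) for non-empty load=/run= lines
    and for every entry found in a [programs] section."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()    # section names are case-insensitive
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if sep and value and (key in ("load", "run") or section == "programs"):
            findings.append((section, key, value))
    return findings

def find_startup_scripts(startup_dir):
    """List script files in a Startup folder, matching extensions case-insensitively."""
    return [os.path.join(startup_dir, name)
            for name in sorted(os.listdir(startup_dir))
            if name.lower().endswith(SCRIPT_EXTS)]

def demo():
    """Run both checks on constructed data in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("KAK.HTA", "Office Startup.lnk"):   # empty placeholder files
            open(os.path.join(d, name), "w").close()
        scripts = [os.path.basename(p) for p in find_startup_scripts(d)]
    return audit_win_ini(SAMPLE_WIN_INI), scripts

if __name__ == "__main__":
    ini_hits, script_hits = demo()
    print("win.ini autostart entries:", ini_hits)
    print("Startup folder scripts:", script_hits)
```

Every hit is only a candidate to review by hand; a legitimate program can also appear in these locations.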
 
Might try this if all else fails, I have done this in the past when nothing else would work as this is done in DOS environment before any Windows files are loaded. Create a clean Windows 98se boot floppy with an (up to date) antivirus program such as F-Prot for DOS using an uninfected machine. This usually involves 2 floppy disks.
Boot with boot floppy in drive A.


okiepc


 