I got infected by the virus. If anyone else
gets infected, I found the following at Computer Associates:
http://www.cai.com/virusinfo/encyclopedia/descriptions/kakb.htm

Kak.B

Kak.B is an Outlook e-mail worm that
exploits a security hole in Internet Explorer 5. This variant is functionally
identical to the .A variant but it does have the following minor differences:

- The file dropped in the startup folder is named
  "day.hta", not "kak.hta" as in the .A variant.
- The file set as the Outlook Express signature is
  C:\windows\day.htm instead of C:\windows\kak.htm.

This variant also exploits the "Scriptlet.TypeLib"
vulnerability described in detail for the .A variant.

Cleaning:

By downloading and installing the latest
updates, your computer will be protected. However you should still download the
software patch mentioned in step 6.

If your computer is already infected, use the
following steps to clear the virus:

1. Click here
   (http://www.cai.com/virusinfo/encyclopedia/descriptions/reg/kakafix.inf)
   to download a file called kakafix.inf (also works for Kak.b).
   Save the file to your desktop and then right-click on the file and choose
   "Install" to run it. This file will reset the registry entry for Kak so that
   it will not be loaded when you next reboot your computer.

2. Edit autoexec.bat by using Notepad or by
   selecting Start | Run and entering sysedit, then clicking on the OK
   button. Once the autoexec.bat file is opened for editing, remove the following
   two lines:

       @echo off> C:\Windows\STARTM~1\Programs\StartUp\day.hta
       del C:\Windows\STARTM~1\Programs\StartUp\day.hta

3. Remove the Kak file from the startup group. To do
   this, right-click on the Start button, select Open | Programs | Start Up.
   Next, right-click on the Kak file and select the Delete option.

4. Open your e-mail client, select Tools | Option |
   Signature and remove your default signature file.

5. Check that you have the latest anti-virus update
   installed. If it is not the latest, then download the latest version and
   install it on your machine.

6. Download and install the eyedog patch which is
   available from Microsoft at
   http://www.microsoft.com/technet/security/bulletin/ms99-032.asp

7. Set the Security settings in Internet Explorer to
   disable ActiveX support. The easiest way to do this is to set the security
   level to Medium or High. To make this change, click on the Tools menu option
   and select Internet Options. Click on the Security tab, then select the
   Internet icon at the top of the window. Alter the security settings in the
   lower section of the window. You can make the same change by clicking on Start
   | Settings | Control Panel and choosing Internet Options from there.

8. Delete day.htm from the Windows folder and
   <name>.hta from the Windows system folder; <name> is
   an eight character string representing a hexadecimal number (that is, it
   consists of some combination of the characters 0-9 and A-F). There could be
   more than one of these files and each should be around 4 kilobytes in size.
   All of these files should be deleted.

9. Delete ALL e-mail messages infected with the Kak.B
   worm (these will display an ActiveX warning).

10. Close any applications that are open and reboot
    your computer.

11. Scan all files on your machine with your
    up-to-date antivirus software.
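
A read-only check for the leftovers named in steps 2 and 8 above, as an added example that is not part of the original post or of the Computer Associates write-up: it lists autoexec.bat lines that reference the dropped .hta file and files whose names match the ones given. The 2 to 8 KB window used for "around 4 kilobytes" and the sample PATH line are assumptions.

```python
import re
import sys
from pathlib import Path

# Step 8: <name>.hta, where <name> is eight hex characters (0-9, A-F).
HEX_HTA = re.compile(r"^[0-9A-F]{8}\.hta$", re.IGNORECASE)
# File names the write-up gives for the .A and .B variants.
DROPPED = {"kak.hta", "day.hta", "kak.htm", "day.htm"}
# Assumed window for "around 4 kilobytes"; widen or narrow as needed.
MIN_SIZE, MAX_SIZE = 2048, 8192

# Constructed sample: an ordinary line plus the two lines quoted in step 2.
SAMPLE_AUTOEXEC = r"""SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
@echo off> C:\Windows\STARTM~1\Programs\StartUp\day.hta
del C:\Windows\STARTM~1\Programs\StartUp\day.hta
"""

def scan_dir(directory):
    """Return sorted paths in `directory` that match the Kak file names."""
    hits = []
    for path in Path(directory).iterdir():
        if not path.is_file():
            continue
        if path.name.lower() in DROPPED:
            hits.append(path)
        elif HEX_HTA.match(path.name):
            # Hex-named .hta files only count when the size is plausible.
            if MIN_SIZE <= path.stat().st_size <= MAX_SIZE:
                hits.append(path)
    return sorted(hits)

def autoexec_hits(text):
    """Return autoexec.bat lines that reference kak.hta or day.hta."""
    pattern = re.compile(r"\\(kak|day)\.hta\b", re.IGNORECASE)
    return [ln.strip() for ln in text.splitlines() if pattern.search(ln)]

if __name__ == "__main__":
    for line in autoexec_hits(SAMPLE_AUTOEXEC):
        print("autoexec.bat:", line)
    # Pass the Windows, Windows system and StartUp folders as arguments.
    for directory in sys.argv[1:]:
        for path in scan_dir(directory):
            print("file:", path)
```

The script only reports matches; deletion is left to the manual steps above.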