Tuesday, June 19, 2007

Kak: A "No-Click" Email Worm

This resource has been adapted from http://www.ukans.edu/~acs/virus/kak.shtml

Is Kak On My Computer?

Check for Kak infection on your computer by scanning with an up-to-date virus scanner. Or do this:

  1. Go to the Start button, then Find and click on Files or Folders.
  2. Enter kak.htm in the Named window.
  3. Click on the Find Now button.
  4. If it finds kak.htm on your computer, go to the Removing Kak instructions.

Preventing Kak Infections

I. Patch the hole that Kak exploits:

  1. Download this Microsoft patch. Enter this URL in Internet Explorer's Address window: ftp://ftp.microsoft.com/peropsys/IE/IE-Public/fixes/usa/Eyedog-fix/x86/q240308.exe
  2. When Internet Explorer asks: "What would you like to do with this file?" choose "Run this program from its current location."

    All this patch does is force Outlook 2000 or Outlook Express to give you fair warning when they encounter something like Kak. This is the warning:

    "Some software (ActiveX controls) on this page might be unsafe. It is recommended that you not run it. Do you want to allow it to run?"

    Academic Computing Services highly recommends you answer "No" to that question whenever you see it.

II. Close the door that unsafe scripts (such as Kak) might enter:

  1. Start Internet Explorer.
  2. Go to the Tools menu and click on Internet Options.
  3. Click on the Security tab.
  4. Click once on the Internet icon (to highlight it).
  5. Click on the Custom Level button-bar (lower part of dialog box).
  6. Under Download Signed ActiveX Controls ... select Enable
  7. Under Download Unsigned ActiveX Controls ... select Disable
  8. Under Initialize And Script ActiveX Controls Marked As Unsafe ... select Disable.
  9. Click OK.
  10. Click OK (again), then shut down Internet Explorer.

III. How to keep from inadvertently spreading this class of email worms to your correspondents in the future (optional)

(Outlook Express users only)

  1. Start Outlook Express.
  2. Go to the Tools menu and click on Options.
  3. Click on the Send tab.
  4. Where it says Mail Sending Format (near bottom), select Plain Text.
  5. Click OK
  6. Shut down Outlook Express.

(Outlook 2000 users only)

  1. Start Outlook 2000.
  2. Go to the Tools menu and click on Options.
  3. Click on the Mail Format tab.
  4. In the window to the right of Send In This Message Format (top), make sure it says Microsoft Outlook Rich Text. (NOT HTML).
  5. Click OK
  6. Shut down Outlook 2000.

Removing Kak

If you are certain your computer is infected with Kak (see "Is Kak On My Computer?" above to check), follow these instructions to remove it.

I. Remove Kak files

  1. Go to the Start button, then Find, and click on Files or Folders.
  2. Enter kak.htm in the Named window.
  3. Click on the Find Now button.
  4. Click once (to highlight) kak.htm and hit the DEL key.
  5. Click the cursor back in the Named window
  6. Enter *.hta
  7. Find the file xxxxxxxx.hta, where xxxxxxxx is eight random letters and numbers and the extension is .hta.
  8. Click once (to highlight) and hit the DEL key.

II. Patch the hole that Kak exploits (see part I of Preventing Kak Infections above).

III. Shut Down, Then Restart Your Computer.

IV. Delete Default Signature (Outlook Express users only)

  1. Start Outlook Express.
  2. Go to the Tools menu and click on Options.
  3. Click on the Signatures tab.
  4. In the Signatures window (middle) click once (to highlight) on Signature #1
  5. Click on the Remove button. Likewise, remove any other Signatures.
  6. Click on the Apply button (bottom right).
  7. Click OK
  8. Shut down Outlook Express.

V. Clean Up Harmless Kak Residue (optional)

  1. Go to the Start button, then Find, and click on Files or Folders.
  2. Enter Autoexec.bat in the Named window.
  3. Click on the Find Now button.
  4. Click once (to highlight) on Autoexec.bat in the bottom (found) window --- choose the first autoexec.bat if there is more than one.
  5. Go to the File menu (top left), click on Rename, and type Autoexec.Old.
  6. Go to the Start button again, then Find, and click on Files or Folders.
  7. Enter AE.KAK in the Named window.
  8. Click on the Find Now button.
  9. Click once (to highlight) on AE.KAK in the bottom (found) window
  10. Go to the File menu (top left), click on Rename, and type Autoexec.Bat
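
The file searches from the check and removal steps above can be run as one read-only scan. This is an added example, not part of the original page: the function names and the sample directory tree are constructed for illustration, and only the three file names (kak.htm, an eight-character .hta, AE.KAK) come from the page.

```python
import os
import re
import tempfile

# File names taken from the steps on this page. Matching is case-insensitive
# because Windows file names are.
EXACT = {
    "kak.htm": "worm file: delete (Removing Kak, part I)",
    "ae.kak": "residue: rename to Autoexec.Bat (part V), do not delete",
}
# "xxxxxxxx.hta": eight letters/digits followed by the .hta extension.
HTA_RE = re.compile(r"^[a-z0-9]{8}\.hta$")


def scan_for_kak(root):
    """Walk root without modifying anything; return sorted (path, reason)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            low = name.lower()
            path = os.path.join(dirpath, name)
            if low in EXACT:
                findings.append((path, EXACT[low]))
            elif HTA_RE.match(low):
                # A legitimate .hta can also have an 8-character name,
                # so this is reported for review rather than as confirmed.
                findings.append((path, "candidate .hta: review before deleting"))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree (not real Kak file locations)."""
    sample = ("AE.KAK", "WINDOWS/KAK.HTM", "WINDOWS/SYSTEM/a1b2c3d4.hta",
              "WINDOWS/help.hta", "Documents/notes.txt")
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return [(os.path.relpath(p, root).replace(os.sep, "/"), why)
                for p, why in scan_for_kak(root)]


if __name__ == "__main__":
    for path, why in demo():
        print(f"{path}: {why}")
```

To scan a real drive, call scan_for_kak with its root folder; the function only lists files and leaves deletion and renaming to the manual steps above.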
