Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: LOW
Payload:
Detection files published:
Description created: 24 Apr 2000 03:00:00
Description updated: 26 Nov 2002 04:21:00
Malware type: WORM
Alias:
Spreading mechanism: EMAIL
Summary: None

JS/KAK.Worm

Spreading

Kak is a worm that embeds itself in every email sent from the infected system, without using an attachment.

Payload Details

n/a

Analysis

n/a

Removal

The worm has to be removed semi-manually by performing these steps in this order:

1. Find and delete the following file: C:\Windows\kak.htm
2. Find and delete the following file: C:\Windows\System\(filename).hta, where (filename) is variable and changes from one system to another
3. Find and delete the following file: C:\Windows\Start Menu\Programs\Startup\kak.hta
4. Find and delete the following file: C:\Windows\Menu Demarrer\Programmes\Demarrage\kak.hta
5. Find and delete the following file: C:\Autoexec.bat
6. Find and rename C:\AE.KAK to C:\autoexec.bat
7. Find and delete the following registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAg0u
8. Find and remove the value in the following registry entry: HKEY_CURRENT_USER\Identities\Software\Microsoft\Outlook\Express\5.0\signatures\

Protection from Kak and similar malicious programs

This worm exploits a vulnerability in Outlook Express. The same vulnerability is used by the VBS/Bubble.Worm. Microsoft has released a patch that prevents exposure to this vulnerability.


Last Updated: 12 Nov 2015 11:06:14