Go to home page of Udaipurplus.com


For Tourists Kids Corner Business Listing Wallpapers Contact


There is a virus came from the internet and spreading all over world.For removing this virus go thru these steps and do the needful.

The KAK Worm

Gone are the days where you need to open an executable file or a Document file for a virus to gain entry into your system. All you need to do to incure a virus attack is to read a mail. The KAK worm similar to the Bubble boy gets activated in Outlook Express 5.0. This worm takes advantage of the error in Outlook to spread. When the Preview pane is open the worm's script
code is executed and thus infects the system.

Technical Details :

The KAK worm arrives in an email that appears to be a plain HTML message without any signs of a virus. As soon as the mail is viewed in the preview pane the worm exploits the IES security vulnerability and creates a file in the local Hard drive. This is possible only when the security s set to 'Medium' or 'Low'.

A file KAT.HTA is dropped into the "C:\Windows\Start Menu\Programs\Startup" directory so that it gets executed during the next reboot. This path is found in French in the original virus. The same file is also copied into "C:\Window\System" directory in some random name.

When the system is rebooted the virus drops a hidden file LAL.HTM in the "C:\Windows" directory. It then backs-up Autoexec.BAT as AE.BAT and the appends the Autoexec.BAT file to delete the KAK.HTA file from the Startup directory. It then changes the registry entry so that the LAL.HTM is automatically included as the user-signature in all outgoing messages.

If the message is sent out in the HTML format then the worm attaches as the signature. If the mail is sent in the TEXT format then the worm is sent as a HTML attachment ATT1.HTM. On the 1st of any month and after 6pm the virus pops a message and then shutdown Windows.

This worm does not activate the NT.

Removal and Prevention :

1. Change the following in the Registry

A. Delete the following value

Hkey_Users\.Default\Software\Microsoft\Windows\Current Version\Run


B. Also delete the file that was mentioned in the value of the above Key
from the Windows\System directory.

C. Delete the following Value

Hkey_Current_User\Identities\id..\Software\Microsoft Outlook\5.0\Signatures

Delete all values. Only Default with Value not set should appear.

2. Delete--


?????????.hta (Take this name from the registry entry you deleted in step1 )



3. Copy AE.KAK as Autoexec.BAT

You may visit http://support/microsoft.com/support/kb/articles/Q240/3/08.ASP to download the patch.

Sharad Mathur







Home Page

Hotels & Resorts



Hospital & Doctor



Restaurant / Bar

Schools / Colleges

Computer Institutes

Business Listing




Kids Corner

Out & About Udaipur

Udaipur Info

Useful websites



Yellow Pages


Photo Gallary




Cartoon corner


Online  directory


Suggest this site