Hi guys and gals

after booting i get a "Registry Editor Message" box pop up, it says "Cannot import C:\windows\kak.reg : Error opening the file. There maybe a disk or file system error"

Also another box (HTML Application) pops up with a caution sign saying "Kagou-Anti-Kro$oft says not today" (on the tool bar it says "Driver memory error"

What is this?

Thanks in advance - Chris http://www.sysopt.com/forum/frown.gif

well it's not one i'm familiar with, but it looks like a very good virus candidate. can you do a search on that kak.reg file and mail me a copy of it? i'd like to see what it's doing. also, do you notice any other effects? do you remember installing or running anything just prior to this problem?

you may consider a scanreg/restore and restore a previous registry from before the issue started. it sounds like there's a possibility that there are some of the .reg files that may have been able to have been run and if they were, you can probably bet that it wrote to load itself everytime at boot, probably in HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
or
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run

check to see if a scanreg/restore works and if it does, run a virus scan once you're in windows and even if it doesn't pick anything up DON'T run whatever it was that you ran last time. http://www.sysopt.com/forum/smile.gif

let us know what happens.

You have the Wscript.KakWorm Virus http://www.sysopt.com/forum/frown.gif

Check out Symantec's write up on this virus:

http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html

izzzy12k

Thanks for the info Izzzy, it's a pain in the **** i know that much..

Anyone know how to get rid without Formatting?

Current Norton AV. You can get the shareware version although it might take a while on a dialup.

When you click ok on the HTML APPS box it re-boots http://www.sysopt.com/forum/frown.gif

I was thinking it's a virus too http://www.sysopt.com/forum/frown.gif

[This message has been edited by Ceeffa (edited 03-01-2000).]

The caution message makes it a good bet it is a virus.

Thanks ktwebb http://www.sysopt.com/forum/smile.gif

Let us know if you were able to remove it.

izzzy12k

The Norton AV program i d/l found 2 files and placed them in quarantine as it said it couldn't fix them right away..


Chris (thanks for everyones help) http://www.sysopt.com/forum/smile.gif

try checking for updates whilst you have the 30 day trial.

So maybe you can fully clean out the virus.

izzzy12k

You also may want try AVP, it's another great virus scanner that works from DOS. They have updates as of today 04 March 00.

http://www.avp.com/trial_versions.html


I run both NAV and AVP, to back up each other. Good luck with this.

Izzzy I did download the update that is what found it http://www.sysopt.com/forum/smile.gif

SG thanks for the info http://www.sysopt.com/forum/smile.gif

sorry this reply is late, i need to spanked and sent to bed lol http://www.sysopt.com/forum/wink.gif

Chris