I think I've killed it, on my stand-alone PC, by the following steps:
1. Download the patch from
http://www.microsoft.com/Security/Bulletins/ms99-032.asp Don't worry that
the web page doesn't appear to contain the name of the virus - it seems to
work. Once you have downloaded it, run the executable file by double
2. Make sure you have a file in your C: root directory called AE.KAK.
3. Delete AUTOEXEC.BAT, which contains information put there by the virus.
4. Rename AE.KAK as AUTOEXEC.BAT
5. Delete all files starting with KAK or having .KAK as the extension.
6. Run REGEDIT.EXE.
7. Go to HKEY_CURRENT _USER/Identities/(your
identity)/Software/Microsoft/Outlook Express/5.0/signatures, and remove the
one put there by the virus.
8. Go to HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Run
and delete the file cAgOu.
9. Breathe a sigh of relief.
----- Original Message -----
From: Gordon and Pam Cain <firstname.lastname@example.org>
To: Corpora-L <email@example.com>
Sent: Thursday, March 30, 2000 10:35 AM
Subject: Corpora: that virus!
> Has anyone found out how to actually kill the blessed thing? I'm
> assuming that I don't have it -- I'm on Netsacpe -- but obviously the
> info I found was less-than-complete.
> And I didn't find any advice on how to get rid of it, and someone else
> had to quarantine it, not kill it. . .
> Is just deleting all files with 'KAK' in the name adequate? Somehow I
> doubt it.
> Thanks to anyone with wisdom and expertise on this!
> Gordon Cain
> Teacher of ESOL
> TAFE International Education Centre
> Liverpool (Sydney) Australia
This archive was generated by hypermail 2b29 : Sat Apr 01 2000 - 11:01:58 MET DST