Booting Problem in my home computer
My computer after booting shows the following message “cannot import c:\windows\kak.reg,
Error opening the file.
There may be a disk or file system error”.
Please explain what this means?
Amarion Dwayne,
Hello,
This message appears since your system is attacked by a worm called "kak". This worm can be transferred from the infected system through email without being attached to the mail. It is written in JavaScript and works on both English and French versions of the Windows operating system if Outlook Express 5.0 is installed. When the user opens the infected Outlook mail file, this worm creates a file in the Windows startup directory called "kak.hta". Once the system is infected and restarted, kak gets activated, due to which c:\autoexec.bat is replaced and copied as c:\AE..KAK. Then it alters the message signature settings in Outlook illegally. Then it creates a key in the Windows registry. This can be cured by F-Secure Anti-Virus.
Charle Faru
Hello Amarion,
The error message you are getting basically means that your computer has been infected with the KakWorm. KAK (Kagou Anti Krosoft) or KakWorm is a JavaScript worm that spreads itself in the Internet in infected messages, particularly thru Microsoft Outlook Express. The JavaScript language on this worm makes it possible for the worm to spread itself thru Microsoft Outlook Express when an infected message is opened. It immediately infects your computer after you unknowingly view or open the infected email message. It then finds its way to your computer's Registry and attaches itself there as a registry key that typically looks like this: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAg0u. Once attached to the registry, it edits the autoexec.bat to make your computer launch the worm when you power up your PC and log in to your user account.
The worm adds these commands to the autoexec.bat:
@echo off C:\Windows\Start Menu\Programs\StartUp\kak.hta
Del C:\Windows\Start Menu\Programs\StartUp\kak.hta
Now, how do we fix this issue? Here are step by step instructions on how to remove this worm (considering that you could still login to the Administrator or your personal user account and access the Internet thru your Internet browser):
Open Internet Explorer or your preferred Internet browser to download Malwarebytes Anti-Malware and a registry cleaner called CCleaner from http://download.cnet.com/ccleaner/ or www.filehippo.com. Remember to save both files to the desktop for your convenience.
Install both Malwarebytes Anti-Malware and CCleaner after download.
Close all other applications running and run a 'Quick Scan' with Malwarebytes.
Restart your computer when Malwarebytes is done.
The Registry cleaner CCleaner needs to be run after Malwarebytes to clean up the Registry from unused, damaged files or folders. It also fixes registry errors that cause pop-up error messages appearing when you first log in to Windows.
Alternatively, if the above solutions don't work for you, there's another way to remove KAK. It's a longer process, but it works.
Manually remove KAK from the registry and thru Safe Mode.
We first need to backup the Registry to safeguard Windows:
Click "Start" and then click "Run" from the Start Menu options.
Type REGEDIT in the "Run" field and press the Enter key.
On the Registry Editor window, click the drop down menu on the top of the page.
Choose the Export Registry File option.
In the File Name field type "backup" (without the quotation marks).
Save file to "Desktop".
Select "All" in the Export Range group box.
Click on "Save" to save the Registry settings.
Close the Registry Editor window.
Boot the computer to Safe Mode:
Restart the computer and keep tapping the F8 key as soon as the computer powers back up. Do this until the Windows Advanced Boot Options page appears.
Select the "Safe Mode" option and press the Enter key.
Log in to Administrator or to your user account. NOTE: Click "Yes" on the pop-up window that appears when Safe Mode starts to continue working in Safe Mode.
Registry Editing:
Click "Start" then click "Run" from the Start Menu options.
Type REGEDIT in the "Run" field and press the Enter key. The Registry Editor window will appear.
On the Registry Editor window, hit the + sign right beside HKEY_LOCAL_MACHINE to expand the folder.
Browse down and hit the + sign on Software.
Browse down and hit the + sign on Microsoft.
Browse down and hit the + sign on Windows.
Browse down and hit the + sign on CurrentVersion.
Single-click on the Run folder so it is highlighted.
On the right pane, under Name column, look for cAg0u and single-click on it so it is highlighted.
Press the Delete key on the keyboard to remove the cAg0u entry. (If you do not find the cAg0u entry in this location, click on My Computer at the top of the registry, then click on Edit and Find. In the Find What field type: cAg0u (where 0 is the number zero) and click Find Next. Delete any entries that it finds.)
Close the Registry Editor Window.
REPAIRING AUTOEXEC.BAT:
Click "Start" then click "Run" from the Start Menu options.
Type SYSEDIT in the "Run" field and press the Enter key. The System Configuration Editor window will pop up.
The front window should be labeled C:\AUTOEXEC.BAT.
Delete the following lines, which are found in the C:\AUTOEXEC.BAT window, by highlighting the line and then pressing the Delete key on the keyboard:
C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
DEL C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
(NOTE: These lines may begin with @ECHO OFF or something similar. Just go ahead and delete the entire line. You also need to scroll down to see the lines.)
Save changes when prompted to.
Change the Folder View Options:
Double-click on the My Computer icon on the desktop.
Double-click on the C: drive.
Click on View menu then click on Options (or Folder Options). The Folder Options dialog box will then appear.
Click on the View tab and select the Show all files option.
Uncheck 'Hide file extensions for known file types' or choose 'Show hidden files or folders'.
Click Apply and OK down below the page to exit.
Remove the StartUp Folder Reference:
Click Start.
Highlight Settings.
Click on Taskbar & Start Menu. The Taskbar Properties dialog box will then appear.
Click on the Start Menu Programs tab.
Click on the Remove button. You will then see a list of folders and shortcuts.
Locate the StartUp folder and click on the plus sign (+) next to it.
Look for anything with KAK in the name. If you find something with KAK, single-click on it so it is highlighted then click the Remove button to delete it.
Click the Close and the OK button all the way out.
Delete the KAK Files:
Click Start.
Click Find then click on Files or Folders. The Find Files dialog box will then appear. (Make sure the (C:) drive is selected in the Look In field so the entire C: drive will be searched.)
Type kak.* in the Named field then click Find Now. (The computer will then search the hard drive for the files. When the files are found, they will be displayed towards the bottom of the dialog box).
If the files are found, hold down the Ctrl button and press the letter "a" to highlight the files. Once the files are highlighted press the Delete key on your keyboard. Answer Yes to any prompts asking if you are sure you would like to delete the files.
This time, type *.kak in the Named field then click the Find Now button.
Do the same steps mentioned above to delete the unwanted files found.
Now, type *.hta in the Named field then click the Find Now button.
Do the same steps mentioned above to delete the unwanted files found.
Once done, close the Find Files dialog box.
Empty Recycle Bin.
Restart the computer to boot back to normal Windows.
Fixing the Corrupt Outlook Signature:
Click Start.
Go to your Programs or All Programs list.
Open Outlook Express. (If your computer tries to connect to the Internet, cancel the connection).
In Outlook Express, click on the Tools tab on top of the page, then click on Options.
Go to Signatures tab.
At the bottom of the box under "Edit Signature" in the "File" field look for the reference: C:\Windows\KAK.HTM. If it is there, then highlight "Default Signature" in the "Signatures" box.
Click Remove button.
Click Apply and OK all the way out.
Close Outlook Express.
Restart computer for changes to take effect.
That's it. Your computer should be good to go from here on.
~ Ken ~
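The manual checks in the answer above can also be run offline against the exported registry backup and a copy of AUTOEXEC.BAT. The following is an added example, not part of the original answer: the function names are hypothetical, the sample inputs are constructed, and it assumes the backup is a plain-text REGEDIT4 export.

```python
import re

# Indicators named in the answer above.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_NAME = "cag0u"      # Run value name (0 is the digit zero)
STARTUP_FILE = "kak.hta"  # file referenced from AUTOEXEC.BAT

# Constructed sample inputs; the Run value data is a placeholder.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"cAg0u"="C:\\WINDOWS\\SYSTEM\\PLACEHOLDER.HTA"

[HKEY_LOCAL_MACHINE\Software\Example]
"Version"="1.0"
'''
SAMPLE_BAT = r'''SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
@ECHO OFF C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
DEL C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\KAK.HTA
'''


def find_registry_hits(reg_text):
    """Return (key, data, in_run_key) for every cAg0u value in the export."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: current registry key
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if key and m and m.group(1).lower() == VALUE_NAME:
            hits.append((key, m.group(2), key.lower() == RUN_KEY))
    return hits


def split_autoexec(bat_text):
    """Split AUTOEXEC.BAT into (kept, flagged); whole lines are flagged."""
    kept, flagged = [], []
    for line in bat_text.splitlines():
        (flagged if STARTUP_FILE in line.lower() else kept).append(line)
    return kept, flagged


if __name__ == "__main__":
    for key, data, in_run in find_registry_hits(SAMPLE_REG):
        print("registry:", key, data, "(Run key)" if in_run else "(elsewhere)")
    kept, flagged = split_autoexec(SAMPLE_BAT)
    print("autoexec lines to delete:", flagged)
    print("autoexec lines kept:", kept)
```

The registry search covers every key in the export, matching the answer's fallback of searching the whole registry when the entry is not under Run, and the AUTOEXEC.BAT check flags the entire line even when it begins with @ECHO OFF.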
Hello everyone,
I must say that Ken Vincent has provided the most appropriate and accurate solution for this problem. I am sure that the detailed explanation of steps has solved the problem faced by Mr. Dwayne. The presence of a website like www.techyv.com and its members like Ken Vincent has made troubleshooting quick and easy.
Right. Nice help from techyv.com. Most users panic when they see the error on their computer. It's good we have a good technology website here. I have searched and found that there are similarities with the best solution you have all posted. Just in case, you can try these ways.
First of all: If an antivirus program is installed on the machine, do a full system scan (after updating virus defs). If no antivirus program is installed, go for an online virus scan.
Follow the instructions in the AV (or at the above mentioned link).
Take a look at these:
https://www.symantec.com/security_response/writeup.jsp?docid=2000-121908-3951-99
https://www.symantec.com/security_response/writeup.jsp?docid=2001-013012-3552-99
https://www.symantec.com/security_response/writeup.jsp?docid=2000-121814-4113-99