Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
Tam, I-Worm.Kakworm.d, Out
Sent by email.
The worm overwrites the Outlook Express 5.0 settings with its own, to send the virus with every outgoing email.
Worm/KakWorm.D is related to JS/Kak. It uses the same security hole to infect the system. There is a free Microsoft Update patch available at:
When the infected email is read, the worm creates a file named "tam.hta".
The autostart entry is French and it is made in Windows 9x Start directory ("C:\Windows\Menu démarrer\programmes\démarrage").
If the file "c:\windows\out.html" is accessible, it is deleted after running the file "tam.hta". Then, a new file, with the name of the deleted one, is created. This contains the virus code.
The worm checks if there is a file named "out.hta" in Windows directory. If not, the file "tam.hta" is hidden there.
The copied file "out.hta" is registered for autostart.
On August 30th, the following message appears for 4 times:
"Bon Anniversaire Lac !!!
Un ami... "
The worm uses two different routines:
The first version is used when the message is open for more then 10 seconds and the following window is displayed:
"Ok, chante HappyBirthday tout ira bien!!! "
The second version will display:
"KOI??? Ca t'interresse pas? Tu n'es pas digne du monde informatique. BYE-BYE" and Windows shuts down.
Description inserted by Crony Walker on Tuesday, June 15, 2004