Posted 23 September 2011 - 07:35 PM
Last week I downloaded the (MS) Standalone SystemSweeper and ran it from CD on my Dell XP machine. Alarmingly, it found multiple instances of JS/Kak.gen which syssweeper rated as a "severe" threat, classed as a "trojan", something to "remove." So I chose that, and after a few minutes the sweeper said kak was successfully removed (all traces had been within my Eudora email inbox).
The syssweeper says Kak allows an attacker to operate the computer remotely. Sounds bad!! But is that characterization valid??
Two days later, I ran a more focused Sweeper scan again on the email program files. It found 3 more instances of Kak, and again I chose "remove." Hmmm.
Then I also searched for and read the entire MS page about Kak, noting the file and registry changes Kak makes. I searched for all those in my PC, including registry keys, not finding any noted, no *.hta at all. However, I see that the full MS malware page shows Kak as a lesser threat, a "trojan" but with some downplay as to its risk of spreading. Other sites also call Kak a lower risk, as it's years old.
I searched on the internet for several other anti-malware pages about Kak, and all give it a lower severity rating. NONE says anything about it allowing an attacker to exploit the machine remotely. Neither ESET NOD32 nor Spybot found any kak malware on my PC.
Q1: Is SystemSweeper's "trojan" characterization (i.e., attacker taking control) mistaken? Or is most of the other information about kak out of date?
Q2: Later I ran two focused scans again, a bit broader this time. Both times, when sweeper finished, it just said, "Latest scan: Unavailable." Anybody know what that indicates?
I don't know whether to shrug it off as history now, or bite my nails and unplug the PC from the net. (I run ZoneAlarm too and am rather careful about net and email security.)