REMOVAL INSTRUCTIONS:

• 1. From your Windows Menu, click on "Start", then "Settings - Remove".
  Remove jk.hta from "Programs - Startup"
  
  
• 2. Run regedit from windows.
  Delete the following keys:
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cJks]
    cJks "C:\Windows\help\jks.hta"
    
  • [HKEY_CURRENT_USER\Identities\'+idn+'\Software\Microsoft\Outlook Express\5.0\signatures\00000000]
    c:\windows\command\mop.htm
    
  • [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{F935DC22-1C50-11D0-AD0-ADB9-00C04FD58A0B}
    
  • [HKEY_LOCAL_MACHINE\software\CLASSES\Scriplet.Typelib\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC}
    
  • [HKEY_LOCAL_MACHINE\Software\CLASSES\Scriptletfile\CLSID\{06290BD5-48AA-11D2-8432-006009C3FBFC}
    
  • [HKEY_LOCAL_MACHINE\Software\CLASSES\Scriptletfile\ScriptHostEncode\{06290BD5-48AA-11D2-8432-006009C3FBFC}
    
  • [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC}
  
  
  
• 3. Boot up your computer with a clean DOS diskette from drive A. Change to the C: prompt and delete the following files:
  • C:\windows\help\jks.hta
    
  • C:\windows\startm~1\programs\startup\jks.hta
    
  • C:\windows\command\mop.htm
    
  • C:\jks.jk
    
  
  
• 4. Edit Autoexec.bat
  Delete any references to jk.hta, jks.hta, mop.htm or jks.jk
  
  
• 5. Change to subdirectory C:\windows\applic~1\identi~1\{37C86~1\micros~1\outloo~1\
  Delete any references to jk.hta, jks.hta, mop.htm or jks.jk
  
  
• 6. Run Vbuster.exe from the A drive, ie. A:\vbuster
  Scan your drives and delete or repair any infected files. Rebuild c:\windows\applic~1\identi~1\{37C86~1\micros~1\inbox.dbx
  
  
• 7. Execute Hdsentry from the Vbuster diskette in your A drive
  A:\hdsentry

Return Home