A friend's computer, Win98, displays a window titled kak.hta whenever it boots. I suggested he download a trial version of NOD32, update it and do a clean with it. Nothing found! So, I've cleared Run in the registry and attempted to stop it starting via msconfig. It returns without failing, having the gall to re-check the startup entry in msconfig. Can someone please point me to where I can find a solution?

It's strange.
Try to send the file to: samples@nod32.com for further analyzis.

Kak is a little beast--and can be difficult to remove.

I would visit this site:

http://securityresponse.symantec.com/avcenter/venc/data/wscript.kakworm.html

and read the instructions carefully, as this worm can write to your autoexec.bat files, among others.

Good luck.

please do this
http://www.wilderssecurity.com/showthread.php?t=15913

but don't bother with adaaware & spybot in this case, just post a hijackthis log in that forum please

Thanks for the help. I followed JimIT's guidance and slavishly followed the Symantec routine. It turned out that most of the infestation had gone; the only bit left was hidden in autoexec.bat and amounted only to displaying the wretched window.
@dvk01. I don't think it's worth a separate post; I had already run AdAware, Spybot and Spysweeper - they found nothing, probably because other than the line in autoexec.bat there was nothing to find. I have never tried hijackthis but I'm certainly now going to look at it.
Thanks everyone.

Any time there is a persistant infection it's worth running HJT. all it does is displays the usual places from the registry and ini files that malware uses to start up. It displays them in a manner that makes it easy to see & fix them without actually having to manually edit the registry and the risk of making mistakes

it's suprising what an experienced eye can spot that doesn't look right

the automatic removers are very good but the human eye is better in these cases