Mabait RAN Online Forum
 Remove CKVO.EXE in your system part2

Author: Admin (Posts: 69, Join date: 2008-06-29)
Posted: Sat Mar 14, 2009 6:49 am

Other Way:



Kamsoft CKVO.exe malware manual removal instructions

Description: Troj/Gamania-BW

Name: Kamsoft

Command: C:\windows\system32\ckvo.exe

This malware creates the following entry in the registry so that it executes whenever Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Kamsoft"=C:\windows\system32\ckvo.exe

It attacks all drives and modifies the MountPoints2 key in the registry so that when you double-click a drive it opens in a new window instead of in the same window.

Example:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05ef6149-5e60-11dd-8a88-0003254ecf1b}\shell\Autoplay\DropTarget

It resets the hidden files attributes.

Files associated with this malware that are hidden as system files in all partitions, including C:\:

39lpji.com
ktnquo.exe
vxl.exe
oq.cmd
fe.bat
kk3.bat
rs.cmd
autorun.inf

Files found in C:\windows\system32:

ckvo.exe
ckvo0.dll
ckvo1.dll

Removal instructions:

Start the computer in safe mode by pressing F8 during booting.

Open Registry Editor.

Delete the value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Kamsoft"=C:\windows\system32\ckvo.exe

Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\

Delete all the keys starting with {........}

Example:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05ef6149-5e60-11dd-8a88-0003254ecf1b}

In the above key, delete {05ef6149-5e60-11dd-8a88-0003254ecf1b}

Open the command prompt.

Go to C:\>

Type attrib so you can see the hidden files in the root of the drive.

To clear the attributes of the malware files, type:

attrib -s -h -r filename

Example: C:\>attrib -s -h -r autorun.inf
D:\>attrib -s -h -r autorun.inf


Repeat the above command for all of the malware's files.

To delete the virus files, type:

del filename

Example: C:\> del autorun.inf
D:\> del autorun.inf

Repeat the above command for all of the malware's files.

Look for the malware's files in all other partitions and delete them.

Go to C:\windows\system32>

Type:
attrib -s -h -r ckvo.exe
attrib -s -h -r ckvo.dll
attrib -s -h -r ckvo0.dll
attrib -s -h -r ckvo1.dll
del ckvo.exe
del ckvo0.dll
del ckvo1.dll

Some files in system32 may not delete; in that case, log off once and log on again to delete any files associated with this malware.

Now open Registry Editor and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL

Change the DWORD value of Checked Value from 0 to 1.

Now go to Folder Options and change the hidden file attributes and show system files options. You should be able to see all hidden files.

Finally, turn off System Restore and turn it on again so the previous restore points will be deleted.
https://mabait.forumotion.com
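Added example, not part of the original post: a read-only PowerShell check that can be run before and after the manual steps above to see which of the post's indicators are still present. Registry paths and file names are taken from the post; the function and variable names, and the choice to flag only MountPoints2 {GUID} keys that contain a shell subkey (as in the post's example key), are this example's assumptions.

```powershell
# Added example: read-only check for the indicators named in the post. It deletes nothing.
# Registry paths and file names come from the post; Find-CkvoIndicator is this example's own name.
function Find-CkvoIndicator {
    $rootFiles  = '39lpji.com','ktnquo.exe','vxl.exe','oq.cmd','fe.bat','kk3.bat','rs.cmd','autorun.inf'
    $sys32Files = 'ckvo.exe','ckvo0.dll','ckvo1.dll'
    $found = @()

    # Autostart value "Kamsoft" under the HKLM Run key
    $run = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['Kamsoft']) {
        $found += "Run value: Kamsoft = $($run.Kamsoft)"
    }

    # MountPoints2 {GUID} keys that carry a shell subkey, as in the post's example
    # (assumption: a key without a shell subkey is not reported)
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($k in @(Get-ChildItem $mp -ErrorAction SilentlyContinue)) {
        if ($k.PSChildName -like '{*' -and (Test-Path -LiteralPath (Join-Path $k.PSPath 'shell'))) {
            $found += "MountPoints2 key with shell entry: $($k.PSChildName)"
        }
    }

    # Listed files in the root of every drive and in System32, including hidden/system ones.
    # autorun.inf is also a legitimate file name on some media, so review each hit before deleting.
    $paths  = @(foreach ($d in Get-PSDrive -PSProvider FileSystem) { $rootFiles | ForEach-Object { Join-Path $d.Root $_ } })
    $paths += @($sys32Files | ForEach-Object { Join-Path $env:SystemRoot "System32\$_" })
    foreach ($p in $paths) {
        $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($f) { $found += "File: $p [$($f.Attributes)]" }
    }

    # Explorer "show hidden files" switch that the post sets back to 1
    $sa = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL' -ErrorAction SilentlyContinue
    if ($sa -and $sa.CheckedValue -ne 1) { $found += "SHOWALL CheckedValue = $($sa.CheckedValue) (post sets it to 1)" }
    return $found
}

$result = @(Find-CkvoIndicator)
if ($result.Count) { $result } else { 'No indicators from the post were found.' }
```

The HKCU check only covers the account running the script, so run it once per user profile that logs on to the machine.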
 