Hello to all,
I am having a dilemma right now. My folks PC in Washington has contracted a Kavo Trojan. I am currently in the process of trying to remove this virus, however it keep coming back. Not surprisingly.
I am in CA right now using logmein(remote desktop) in an attempt to remove this virus/spyware. The virus was first detected by McAfee Antivirus .
I have perform the following:
1. Spyware Search & Destroy 1.4 w/ latest build
2. McAfee Antivirus w/ latest build
3. Lavasoft Adware Removal 1.06 Build w/ latest Update
Even attempted to look for kavo.exe and kavo0.dll files. Apparently, these files will keep spawning if deleted (McAfee deleted). I have disable the startup service kavo.exe in msconfig. However, I get a pop-up error message. Does anyone know of any method or tools that I can use to remove this virus/spyware. Please keep in mind that I am doing this remotely. I am instructing my folks on the phone. I have already scan my computer w/ McAfee in safe mode.
Thank you all for responding.
SOLUTION:
To remove kavo.exe (aka ntdelect.com, TROJ_NSPM.ADB, and TROJ_NSPM.ABT)
Please perform the following:
1. Go to Trend Micro- http://housecall.trendmicro.com/…
and use their housecall scan/removal
2. Go to Registry Edit aka regedit and
search for
"C:\WINDOWS\system32\kavo.exe"
with the value of kavo
Please note the location of the kavo may vary depending on the type of variant you have. The general information insist that it is in
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”kava” = “%System%\kavo.exe”
I am working on removing all left over "residule" from the virus. As of right now McAfee wasn’t able to detect this virus (i.e. kavo0.dll, kavo.exe in any of my drives)
———————————————————————————
Virus First Reported Date:
Thursday, August 30th, 2007
Category:
EXE Files
Filename:
kavo.exe
Related to:
W32.Gammima.AG
File Directory:
%System%\kavo.e
I use SpyBot-Search and Destroy. It has proved to be really wonderful. It detects almost all spywares, fixes them and also provides immunisation to your sysem. It also scans for usage tracks and clears them such that no spyware can track ur habits. For advanced users, it comes bundles with several very useful tools which give advanced functionality.
I hav also tried AVG-Antispyware. It’s too good but the drawback is that it is not a freeware. U can use it in full mode for 30 days. then after 30 days, some features like automatic upgrades and premium support are swithched off. Still u can update it manually.
And one last word. Dump your McAfee antivirus. Many have misconception that Norton and McAfee are the ony big & best ones since they are paid softwares. Trust me AVG-Free is the best antivirus out there. It’s reaaallyyy worth a lot.
You have my sympathies. We went thru this 2x now. We ended up just putting in a new hard disk.
Oh this stinks huh….
I had a morpher which changed names constantly on me, but I did get the wee devil. Are you running the spyware in Safe mode?? You need to.
Also, turn off the system restore, they hide there.
The other thing I had to do was, once I narrowed down the two files that were doing it, I went into the registry and searched for them and deleted every occurrence.
I used superantispyware as well as the above. All in safe mode. Spybot has a 15 now too.
Make sure you also look on C:\windows\system32 to delete the names (in safe mode)
It took me 4 hours on the phone to do this. :-/
Hope this helps….
I had the trojan virus on my computer. I bought Xoft spy and it cleaned all the unwanted. The other spyware anti virus programs ended up just being virus’ them self. Its harder then I don’t know what..getting them off your computer.