Saturday, January 5, 2008

Get rid of Kavo Virus...

I’ve read many forums with regard to the Kavo virus, which had infected my office PC over the last two months. Alhamdulellah, I managed to get rid of it last week.

What is Kavo Virus? According to Symantec, it was discovered on August 27, 2007 and classified as a worm. This worm has been categorized by many as a Trojan Drop. It steals security information, scripts, commands, etc. without the user’s knowledge or consent. Although Symantec claims the damage caused by Kavo Virus is low, in my opinion it is very irritating.

These are some signs that your computer is infected by Kavo:
  • Notice – kavo.exe application error (appears while Windows is starting).
  • “The instruction at “0x10013e2d” referenced memory at “0x00ff873a”. The memory could not be “read”.” (Note: the referenced memory address might vary.)
  • Your Folder Options and/or Search option may have disappeared.
  • If your Folder Options did not disappear, you may not be able to show hidden files and folders.
  • For Symantec Antivirus users: if you run the Virus Scan, moving the cursor over the scan box during scanning causes the scan to stop suddenly, and it ends up with “Program (Not Responding)” upon closing.
  • In some cases you are not able to update the virus definitions.

How could your computer possibly get infected?

Based on my homework, the infection mainly comes from email attachments from unknown senders. It can also be delivered through instant messages in Messenger. Some Trojans come from free codecs, so be careful about what you download. It can infect another computer via portable storage devices such as flash drives, diskettes, etc.

In my case, my computer is used by many. I allow others to use mine since there are not many computers at my office. However, not everybody is responsible. So I believe viruses were transferred to my computer via flash drives.

How to get rid of Kavo Virus?

At my workplace, we use Symantec. I discovered that Symantec does not kill Kavo, or even trace it (it was unable to trace it even using the 31 December 2007 virus definitions). Note: I’m not saying Symantec is not good. It is still better compared to AVG Free. Many antivirus programs cannot detect Kavo and some other Trojan Drops because these threats use compression and encryption of their files. Whether we like it or not, searching for software that specializes in malware removal is definitely a must. Many programs are available, such as AVG, Norton and Microsoft Anti-Spyware; however, they are not free. So I suggest you search for a trial version of an anti-spyware program (a trusted one, please). In my case, I used UnHackMe (Trial Version), which is suitable to team up with Symantec Antivirus without conflicts. Now follow these steps:
  • First of all, of course, you need to update your virus definitions.
  • Disable your System Restore.
  • Install and run the anti-spyware.
  • Delete all malicious files/applications recommended by your anti-spyware.
  • Reboot the system.
  • Run a full system virus scan.
  • You have the option to enable your System Restore or keep it disabled (I do recommend you enable it and make a restore point).
No need to go to regedit to edit your registry, because you will find that your registry is already repaired by this anti-spyware (you can double check if you want). To me this is easier. If your Folder Options and/or Search option are still missing, then go to these websites for a solution:

http://wiki.answers.com/Q/How_do_you_get_back_the_Folder_Options_in_Windows_XP

http://help.lockergnome.com/windows/Search-option-missing-Start-Menu-ftopict516539.html
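
For the registry double check mentioned above, here is a read-only PowerShell audit, added as an example and not part of the original post. The registry paths and value names are assumptions: they are the standard Windows Explorer settings behind the Folder Options, Search and hidden-files symptoms, not details the post gives about Kavo.

```powershell
# Read-only audit of the Explorer settings behind the symptoms listed in this post.
# Assumption: paths and value names are standard Windows settings, not taken from the post.
$policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$checks = @(
    @{ Path = "HKCU:\$policy"; Name = 'NoFolderOptions'; Healthy = @($null, 0)
       Symptom = 'Folder Options missing (current user)' },
    @{ Path = "HKLM:\$policy"; Name = 'NoFolderOptions'; Healthy = @($null, 0)
       Symptom = 'Folder Options missing (all users)' },
    @{ Path = "HKCU:\$policy"; Name = 'NoFind'; Healthy = @($null, 0)
       Symptom = 'Search missing from Start menu' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
       Name = 'CheckedValue'; Healthy = @(1)
       Symptom = 'Cannot show hidden files and folders' }
)

function Test-ExplorerSetting {
    param([hashtable]$Check)
    # A missing key or value comes back as $null instead of raising an error.
    $item  = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($Check.Name) } else { $null }
    # Healthy means: absent or a DWORD, and one of the expected values.
    # A string such as "1" is flagged, because Explorer expects a DWORD here.
    $ok = ($null -eq $value -or $value -is [int]) -and ($Check.Healthy -contains $value)
    [pscustomobject]@{
        Setting = "$($Check.Path)\$($Check.Name)"
        Value   = if ($null -eq $value) { '(not set)' } else { "$value ($($value.GetType().Name))" }
        Status  = if ($ok) { 'OK' } else { "REVIEW: $($Check.Symptom)" }
    }
}

# Nothing is written to the registry; this only reports what is there.
$report = $checks | ForEach-Object { Test-ExplorerSetting -Check $_ }
$report | Format-Table -AutoSize -Wrap

if ($report | Where-Object { $_.Status -ne 'OK' }) {
    Write-Output 'One or more Explorer settings still look tampered with.'
} else {
    Write-Output 'Explorer settings checked here are at their normal values.'
}
```

A `REVIEW` line only means the setting is not at its normal value; a domain policy can legitimately set `NoFolderOptions` or `NoFind`, so check with your administrator before changing anything on an office PC.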

Kavo Virus will evolve! Trust me

As we learn to solve computer virus problems, virus creators will always find ways to enhance the capability of their 'creations' (viruses) until they become more and more difficult to neutralize. I may be able to solve this problem, perhaps just for now. Things will be more sophisticated next month, or maybe next week. Today Kavo might affect your Folder/Search options and hidden files; in the future, viruses might be designed to affect your Excel, Word, Messenger, etc. I'm worried that new viruses might be in the financial interest of some commercial antivirus vendors. The question is: DO YOU TRUST YOUR ANTIVIRUS vendors?

~Izat