All variants of kavo.exe


	Patchs for virus
	Tutorials
	Tips
	Forum
	Windows Optimum
	USB FireWall
	Boost Google Search

	Alias
	Cryp_Yayay [Trend Micro] Generic.dx [McAfee] Infostealer.Gampass [Symantec] New Malware.hw [McAfee] PWS-Gamania [McAfee] PWS-LegMir.gen.k [McAfee] PWS-Mmorpg.gen [McAfee] PWS-OnlineGames.a [McAfee] TROJ_LINEAGE.KB [Trend Micro] TROJ_NSANTI.MY [Trend Micro] TROJ_POLYCRYP.AJ [Trend Micro] Trojan Horse [Symantec] Trojan.Lineage.Gen!Pac.3 [PCTools] Trojan.PWS.OnLineGames.BDG [PCTools] Trojan-PSW.Win32.OnLineGames.aes [Kaspersky Lab] TSPY_ONLINEG.HOQ [Trend Micro] TSPY_ONLINEG.HOW [Trend Micro] TSPY_ONLINEG.HQO [Trend Micro] TSPY_ONLINEG.OXO [Trend Micro] TSPY_ONLINEG.SMB [Trend Micro] TSPY_ONLINEG.ULD [Trend Micro] TSPY_ONLINEG.UNT [Trend Micro] TSPY_ONLINEGA.DF [Trend Micro] TSPY_ONLINEGA.DZ [Trend Micro] WORM_AUTORUN.ANE [Trend Micro] WORM_ONLINEG.BKE [Trend Micro] WORM_ONLINEG.CX [Trend Micro] WORM_ONLINEG.GK [Trend Micro] And the list is not finished.
	Information
	The virus kavo.exe spreads from partition including removable drives, the virus copy two files periodically "autorun.inf" and another file, if you delete it from a partition, these two files return into their previous place a few seconds after removal. We are not going to detail every feature of each virus, we will just see them in full. The fix removes all variants kavo even those who are not listed here.
	File
	The virus puts three files in the system directory <System>\kavo.exe <System>\kavo0.dll <System>\kavo1.dll Puts also at least one file .dll in the temporary folder, others are created randomly g4.dll avxah8.dll y.dll ig4au94g.dll iilov9vn.dll ad.dll 7z.dll or.dll kykvfp.dll 88b4ibhq.dll ee2m.dll ecoimwht.dll o8n4e8g9.dll 48d.dll ufe7kt.dll xx.dll And put two files in the root partition of your system: Autorun.inf o.exe nxvhpc.exe ff1q0gw.bat i8.com e6ieg.exe 6qe.com cfv90h.com ab.cmd k2.cmd h2.com u.exe fufb6tq3.cmd ekf6dbg0.com h2.com rtnlpipu.com 1i.com c18vk.exe ntphyy.com The file autorun.inf is always present in the root of all partitions including removable drives, external drives or flash disks, another file accompanies it.
	Registry
	Creates registry entries: HKCU\Software\Microsoft\Windows\CurrentVersion\Run kava = <System>\kavo.exe De cette manière, le fichier kavo.exe est lancé à chaque démarrage du système [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue = 0x00000000 Désactive l'afficahge des fichiers cachés et les fichies systèmes
	ATTENTION
	This virus runs automatically each time you open or explore a partition, it is preferable to download the patch and unpack it on the desktop, reboot your machine in Safe Mode and run the patch, always in safe mode. This virus tries to connect to the adress http://www.1a123.com/hp/zz.rar This entails downloading the file zz.rar. Safe mode tutorial.

Latest fixs:

cftmonn.exe (ksven, Autorun.dhl)
sbsm.exe, softhomepage.com (sbsm.dll,sbmdl.dll)
Virtual Made (Virtual Maid.dll, http://www.searchmaid.com)
VirusHeat (VirusHeat 4.3.exe, VirusHeat.exe)
MonaRonaDona (srvspool.exe, registrycleaner2008.exe)
Noooh (Sys.exe, ComSys.dll)
NetSky (FVProtect.exe,FirewallSvr.exe,netstats.exe) and all its variants
Tavo.exe (tavo0.dll, tavo1.dll) and all its variants
Patty.exe (S0UNDMANS.EXE,1sasrv.dll,adsldps.dll,twain.dll,realsched.exe)
Kxvo.exe and all its variants
Kavo.exe and all its variants
VirtuMonde (VirtuMondo, Vundo, TROJ_VUNDO, TROJ_MEREDROP,DL.Small.ADIB)
Sohanad fix (SCVVHSOT.exe, svchost.exe) (W32.Imaut.A, TROJ_AUTORUN.AH, Worm.Sohanad)
SdBot fix (ctfmonn.exe) (Backdoor.SdBot, Sdbot.worm.gen.a)
Amvo.exe (3o.exe, y82td3td.com, i.cmd, fppg1.exe, ekugb3.bat...) and its variants other than already proposed here