Friday, March 14, 2008

Removing Kavo.exe Virus

Just recently, Yahoo Messenger on my computer acted strangely. First it disappeared every time I logged in; then, after some time, it would display an "exception breakpoint error" even before logging in. What's this?

I scanned my system with McAfee; however, no virus or trojan was found, and yet the problem was still there. I uninstalled Yahoo Messenger and installed it again. No success, still the same problem. I hit the net and researched more about my problem. I got lots of hits but no real viable solution. However, I found a temporary solution:
  1. Run Task Manager (CTRL-ALT-DEL)
  2. End explorer.exe process
  3. Then run it again as a new task.
  4. After which, YM! will run successfully.
Well, my Y! Messenger worked, but I don't feel comfortable doing that process every time I start my computer and decide to run YM! Plus there's the fact that there may be some malicious code or program responsible for such a mess.

So I tried researching more about it through good ol' Google. You can see the search results from Google when I keyed in "yahoo messenger disappear during login" in the search bar. Browsing through the results, I found out that it was somewhat related to a certain virus (e.g. AMVO.exe). You should find this amvo.exe when you look into your Windows Task Manager. Problem is, there's no AMVO listed in my Task Manager processes. Although, there is one suspicious-looking program: Kavo.

So coming back to Google, this time looking for Kavo. Whoa! This time I think I was finally able to hit the culprit. Kavo.exe is a trojan or malware!

Here's a little bit of info about Kavo.exe from TrendMicro Virus-trojan-work encyclopedia:

Arrival and Installation - This worm arrives via removable drives and physical drives. […] Autostart Technique - It creates a registry entry to enable automatic execution at every system startup. […] Propagation Routine - This malware propagates via removable drives and physical drives by dropping a copy of itself as NTDELECT.COM. It also drops its non-malicious component file AUTORUN.INF to automatically execute dropped copies when the said drives are accessed. […]
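The description above names two files dropped on each drive, NTDELECT.COM and AUTORUN.INF. As an added example (not from the original post or from Trend Micro), this Python sketch checks a drive's root folder for both files and lists the programs an AUTORUN.INF would launch; the function names and the sample file contents are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section of AUTORUN.INF text."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # skip comments, junk lines and other sections
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            targets.append((key.lower(), value))
    return targets

def scan_drive_root(root):
    """Report the files the description names, if present in a drive's root folder."""
    names = {n.lower(): n for n in os.listdir(root)}
    report = {"autorun_inf": False, "ntdelect_com": "ntdelect.com" in names, "launches": []}
    if "autorun.inf" in names:
        report["autorun_inf"] = True
        path = os.path.join(root, names["autorun.inf"])
        with open(path, "r", encoding="latin-1") as fh:
            report["launches"] = autorun_targets(fh.read())
    report["suspicious"] = report["ntdelect_com"] or any(
        "ntdelect.com" in cmd.lower() for _, cmd in report["launches"])
    return report

def demo():
    """Build a constructed drive root in a temp folder and scan it."""
    with tempfile.TemporaryDirectory() as root:
        sample = "[AutoRun]\n;junk\nopen=ntdelect.com\nshell\\open\\Command=ntdelect.com\nicon=x.ico\n"
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write(sample)
        with open(os.path.join(root, "NTDELECT.COM"), "wb") as fh:
            fh.write(b"constructed placeholder, not a real binary")
        return scan_drive_root(root)

if __name__ == "__main__":
    print(demo())
```

To check a real drive, call `scan_drive_root` with its root path (for example `"E:\\"`); the files are often hidden, which `os.listdir` still lists.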

So now it's time to look for a removal procedure to eliminate this, as my anti-virus programs are incapable of detecting and removing it. Luckily, after half an hour of surfing, I came across this blog, which provided a quick and easy solution to remove this trojan.

To remove Kavo-NTdelect go to this link


Ramesh said...

Useful Info provided Thanx a lot!! I too faced this kind of problem. Now it has been solved. Once again Thanx!!!

jeferrer said...

You are most welcome!