How to get rid of tavo.exe, kavo.exe trojan « Curiouser and curiouser!

Stranica 1

Curiouser and curiouser!

Divya Dinakar’s blog

The Looking Glass

About
Tutorials
Haikus
Recently

« Doors

How to get rid of tavo.exe, kavo.exe trojan

July 24, 2008 – 1:39 am
Posted in Windows, tips n tricks, trivia, tutorials
Tagged kavo, tavo, virus fix, Windows

Most frivolous Windows users would have had their antivirus shouting at some point of time with a message “Alert! A virus was found” and
then popping windows that mention “kavo.exe”. kavo.exe is a smart trojan that installs and autorun.inf in your C:\ making sure it updates itself
everytime you connect to the internet. The bad news is that this can be quite irritating and painful as most antivirus software fail to remove it.
The good news is that a little bit of common sense can help!
So lets go ahead and get rid of the kavos and tavos on our own!

First and foremost check for an autorun.inf file in C:\. Open the file and check if has references to kavo or tavo. Delete such a file.
Delete all files in C:\ that have a “.com” extension.
Goto C:\Windows\system32\
Search for “kavo”, you would get results like kavo.exe, kavo.dll, kavo0.dll, kavo1.dll. Go ahead and delete kavo.dll and then kavo.exe.
Then try to delete the other kavo dll files. If you get a message that the file are in use and cannot be deleted restart your computer and try
deleting them again. In this manner delete all “kavo” files from system32.
Search for “tavo” and repeat the procedure explained for kavo.
Now all your bad files are gone and you just need to remove the registry entries.
Hit Windows+Run and type “regedit”. Browse to HKCU\Software\Microsoft\Windows\CurrentVersion\Run and delete entries that have
the name kava and tava. More easily download CCleaner and run the registry scan from it. This will show you all unwanted registry
entries. kava and tava would also be listed as we have removed the exes related to them. Click on “Fix selected issues” and do not take a
backup of the registry.
Now delete all weirdly named files from C:\. Typically they would belong to the list below:

Autorun.inf
o.exe
nxvhpc.exe
ff1q0gw.bat
i8.com
e6ieg.exe
6qe.com
cfv90h.com
ab.cmd
k2.cmd
h2.com
u.exe
fufb6tq3.cmd
ekf6dbg0.com
h2.com
rtnlpipu.com
1i.com
c18vk.exe
ntphyy.com

Your system is all clean now.

Possibly related posts: (automatically generated)

More Netstat Tricks.

Latest Zhelatin Emails
Photoshop CS .PSD Thumbnails in Windows Explorer

http://divyad.wordpress.com/2008/07/24/how-to-get-rid-of-tavoexe-kavoexe-trojan/ 15.8.2008 20:13:03

How to get rid of tavo.exe, kavo.exe trojan « Curiouser and curiouser! Stranica 2

« Doors

2 Comments

1.
Buy Antivirus Software
Posted July 30, 2008 at 3:41 pm
Permalink

Thank for post.It’s very interesting for me.

2.
divya
Posted July 31, 2008 at 8:36 am
Permalink

And why is that so?

Post a Comment
Name *

Email *

Website

Comment

Post Comment »

Search

Find »

Top Posts
Install Skype on Ubuntu 8.04 (Hardy Heron) + configure sound
How to get rid of tavo.exe, kavo.exe trojan
Install Skype on Ubuntu Gutsy-7.10 AMD 64
Quick Bugzilla Tutorial
Install Skype 2.0 beta on Ubuntu Gutsy(7.10) AMD64
Install picasa on hardy (Ubuntu 8.04)
How to display ANY view in the advanced profile page in Drupal
SpikeWAMP- the newest WAMP stack in town
Linking C++ to C code using gcc
Ubuntu 7.10 (Popular) Repository Guide

Blog Information Profile for divyad

Blog Stats
54,800 hits

http://divyad.wordpress.com/2008/07/24/how-to-get-rid-of-tavoexe-kavoexe-trojan/ 15.8.2008 20:13:03

How to get rid of tavo.exe, kavo.exe trojan « Curiouser and curiouser! Stranica 3

Search

Find »

Blogroll
Carlos Cardona
Kunal Kumar
Nirmal Thacker
Robert Scoble
Sahil Ramani
Vinod G
Vishal Thacker

RSS Feeds
All posts
All comments

Meta
Log in

Blog at WordPress.com. Theme: ChaosTheory.

http://divyad.wordpress.com/2008/07/24/how-to-get-rid-of-tavoexe-kavoexe-trojan/ 15.8.2008 20:13:03