If your drves on double click are opening in new folder & you are not bing able to view your hidden folders & files (even after selecting show hidden flies from tools->folder options...), then you may be infected with this virus.
Well to be sure that you are infected with this virus do the following steps
1. click on start menu 2. click on RUN 3. type in there 'msconfig' without commas 4. go to the last tab named 'startup' 5. under the 'startup item' check if there is any item named 'KAVA'. Well if its there you got this virus.
The virus usually spreads through external drives like flash drives, pen drives etc.
It copies itself to all the drives on being run thus ensuring that the virus is activated as every time any drive is opened.
First of all as the virus hides the hidden files you need a software RRT to unhide them. To download the software click here.
Follow these easy steps to remove the virus
1. Open all the drives in new window (Just like here)
2. In an another window go to C:\windows\system32 folder (if your windows is in drive other than C use another drive letter)
3. Open registry editor by going to start->run->regedit (Registry editing could be dangerous if not done properly so be careful)
4. Now run the RRT utility and click on auto remove. Dont close the utility.
5. The utility helps in keeping hidden files unhidden but the virus keeps hiding the system files every few seconds. So you will have to perform this function every few seconds
Find the Tools option at the top of the window -> folder optiond ->view tab -> untick hide protected operating system(recommended) -> click yes on the warning and click apply
6. Now in the C:\windows\system32 folder trace these files and try deleting them using shift + Delete (You may have to redo 5th step to unhide them)
kavo.exe
kavo0.dll
kavo1.dll
kavo2.dll
kavo3.dll
You may be able to delete all of them except one. Dont worry we will treat with it later.
7. As I have told you earlier that virus copies it self to all the drives we need to proceed to the drives now. You will have to repeat step 5 on each drive atleast once. Its assumed that you have all the drives already opened in new different windows.
8. The virus makes a common file with an extension of .bat(example 1.bat) in each drive. Find out the common .bat file in each folder and delete them along with the autorun.inf file. To enable exensions do the following
Find the Tools option at the top of the window -> folder optiond ->view tab -> untick hide extensions for known file types -> click apply
9. Well now we need to do some registry editing to open registry editor go to
start-> run-> type regedit & enter
10. Go the following key & delete value named 'kava'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Now search thw whole of registry with the name 'kava' and delete all instances where you find it in use with word 'kavo'(Use ctrl + F to search & F3 to find next).
11. Now you are almost done. Just log off and log in again into windows (start->log off) and delete the file from the sixth step which you couldn't. You should be able to do it now.
Well now you are free from the Kavo.exe virus.
No comments:
Post a Comment