Kamsoft CKVO.exe malware manual removal instructions

Description: Troj/Gamania-BW

Name: Kamsoft

Command: C:\windows\system32\ckvo.exe

This malware creates the following registry entry so that it runs whenever Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Kamsoft"=C:\windows\system32\ckvo.exe

It attacks all drives and modifies the MountPoints2 key in the registry so that double-clicking a drive opens it in a new window instead of in the same window.

Example:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05ef6149-5e60-11dd-8a88-0003254ecf1b}\shell\Autoplay\DropTarget

Resets the hidden files attributes.

Files associated with this malware, hidden as system files in all partitions including C:\

39lpji.com
ktnquo.exe
vxl.exe
oq.cmd
fe.bat
kk3.bat
rs.cmd
autorun.inf

Files found in C:\windows\system32

ckvo.exe
ckvo0.dll
ckvo1.dll

Removal instructions:

Start the computer in Safe Mode by pressing F8 during boot.

Open Registry Editor.

Delete the value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Kamsoft"=C:\windows\system32\ckvo.exe

Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\

and delete all the keys starting with {........}

Example:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05ef6149-5e60-11dd-8a88-0003254ecf1b}

In the above key, delete {05ef6149-5e60-11dd-8a88-0003254ecf1b}

Open the command prompt.

Go to the root of the C: drive (the C:\> prompt).

Type attrib to list the files in the root of the drive, including the hidden ones.

To clear the attributes of the malware files, type:

attrib -s -h -r filename

Example:
C:\>attrib -s -h -r autorun.inf
D:\>attrib -s -h -r autorun.inf

Repeat the above command for all files of the malware.

To delete the virus files, type:

del filename

Example:
C:\> del autorun.inf
D:\> del autorun.inf

Repeat the above command for all files of the malware.

Look for the malware's files in all other partitions and delete them.

Go to c:\windows\system32> and type:

attrib -s -h -r ckvo.exe
attrib -s -h -r ckvo.dll
attrib -s -h -r ckvo0.dll
attrib -s -h -r ckvo1.dll
del ckvo.exe
del ckvo0.dll
del ckvo1.dll

Some files in system32 may not delete. In that case, log off once and log on again, then delete any remaining files associated with this malware.

Now open Registry Editor and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL

Change the DWORD value of CheckedValue from 0 to 1.

Now go to Folder Options and change the hidden files and show system files options. You should be able to see all hidden files.

Finally, turn off System Restore and turn it on again so that the previous restore points are deleted.
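
A read-only check for the indicators listed above, written in PowerShell as an added example (it is not part of the original instructions). It only reports what it finds; flagging MountPoints2 {GUID} keys that carry a shell subkey follows the example key shown above and is an assumption about what is worth reviewing, and the function name Get-KamsoftIndicators is hypothetical.

```powershell
# Added example: read-only triage for the indicators named on this page.
# Nothing is modified or deleted; review the output before acting on it.
function Get-KamsoftIndicators {
    $runKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $mountKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    $sys32Files = 'ckvo.exe', 'ckvo0.dll', 'ckvo1.dll'
    $rootFiles  = '39lpji.com', 'ktnquo.exe', 'vxl.exe', 'oq.cmd',
                  'fe.bat', 'kk3.bat', 'rs.cmd', 'autorun.inf'

    # 1. Run value "Kamsoft" (startup persistence)
    $run = Get-ItemProperty -Path $runKey -Name 'Kamsoft' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey\Kamsoft"; Detail = $run.Kamsoft }
    }

    # 2. Files dropped in system32
    foreach ($name in $sys32Files) {
        $path = Join-Path $env:SystemRoot "System32\$name"
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($file) {
            [pscustomobject]@{ Type = 'System32File'; Item = $path; Detail = $file.Attributes }
        }
    }

    # 3. Files in the root of each drive; -Force is required to see Hidden/System items
    foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
        foreach ($name in $rootFiles) {
            $path = Join-Path $drive.Root $name
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($file) {
                [pscustomobject]@{ Type = 'RootFile'; Item = $path; Detail = $file.Attributes }
            }
        }
    }

    # 4. MountPoints2 {GUID} keys carrying a shell subkey (assumption: worth review)
    Get-ChildItem -Path $mountKey -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '{*}' -and ($_.GetSubKeyNames() -contains 'shell') } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'MountPoint'; Item = $_.Name; Detail = 'has shell subkey' }
        }
}

Get-KamsoftIndicators | Format-Table -AutoSize -Wrap
```

autorun.inf also exists legitimately on installation media, so a RootFile hit for it on an optical drive is not by itself a sign of infection.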

Free personal firewalls

A firewall can offer complete protection for inbound and outbound communications occurring on a system. It allows and denies communication based on a set of rules. It can help save internet bandwidth and also protects against hackers with intrusion prevention. It helps prevent identity theft.

Below is a list of free personal firewalls for Windows:

Comodo Firewall Pro 3.0.22.349

Online Armor Personal Firewall 2.1.0.131 Free

PC Tools Firewall Plus 4.0.0.45

ZoneAlarm free firewall



Rootkit Removal tools

A rootkit is a program or a set of programs used to keep control of a computer for future use. It is installed by an attacker once he gains access to a compromised system. A rootkit may alter the normal execution flow of an application by a process called "hooking". It can also hide itself by hiding the processes and registry keys that belong to it. The attacker can later use the rootkit to access the compromised computer at will.

Below are free rootkit removal tools:

DarkSpy

DarkSpy Anti-Rootkit is a multiway-based detection tool for rootkit detection. It internally combines many effective detection techniques, including DarkSpy's own handlers and also methods used by other famous tools.


Rootkit Revealer

This rootkit revealer freeware from Sysinternals detects persistent rootkits on Windows 4.0 and higher.


Sophos Anti-Rootkit

It finds and removes any rootkit that is hidden on your computer using advanced rootkit detection technology.


VPanda AntiRootkit 1.07

Deactivates any unknown rootkits found on your system. Various improvements have also been made to the disinfection of unknown rootkits, some false positives reported by some of you, and more deactivation routines.


Free antivirus software

BitDefender
BitDefender Free Edition is an on-demand virus scanner which incorporates the BitDefender scanning engines. It is one of the top-rated antivirus products in reviews.


Avast Home Edition
It is available free for home use. It provides continuous protection against all forms of malicious software (malware).


Other free antivirus software:
AVG Antivirus
Avira Antivirus

PC Tools Antivirus
McAfee
PC Tools Threatfire