help to remove kxvo.exe please

Discussion in 'Malware Help (A Specialist Will Reply)' started by mikeiow, Dec 11, 2008.

  1. mikeiow

    mikeiow Private E-2

    hi, this thing has been troubling me for hours, my other computer has already been infected. please help me...thank you...attached is my hjt log
     


  2. mikeiow

    mikeiow Private E-2

    I've tried using Avast antivirus, the problem is that the task manager, regedit and the folder options cannot be accessed. I'm just new here, is the HijackThis log enough for you guys to check out what the problem is?
     
  3. mikeiow

    mikeiow Private E-2

    sorry for being desperate, I just read the FAQs ;), I've attached the MGtools log. thanks guys...
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We also need the logs from running:
    SAS
    MBAM
    ComboFix
     
  5. mikeiow

    mikeiow Private E-2

    hi, I've attached the following logs. I think it's not a kxvo virus. MBAM found it to be a 'hijack' infection. it disabled the task manager, folder options and regedit...

    Thank you very much. :p
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs look clean..:)

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  7. mikeiow

    mikeiow Private E-2

    i have a 'hijack.taskmanager and hijack.folderoption' can't remove it

    good day...I'm not really sure the malware is gone. based on the MBAM log I have a hijack.folderoptions and hijack.taskmanager. yes sure the task manager, regedit and folder options are enabled after running ComboFix, MBAM and SAS, but after I restarted again the problem seems to come back.

    is there a way to permanently remove the hijack.folderoptions and the hijack.taskmanager virus?

    thanks again ;)
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please re-run SAS, MBAM and get me also a new MGLogs.zip. :(
     
  9. mikeiow

    mikeiow Private E-2

    hi, I found out that the auto.vbs or 'AUTOME' virus is keeping the task manager, folder options and regedit disabled. I installed Kaspersky and ran a full scan. After it found and quarantined the virus, I ran ComboFix to enable regedit. Using regedit I deleted all the strings that have "auto.vbs" in them (please be careful not to delete the whole thing, just the "auto.vbs"). Then I found the "AUTOME" registry. I deleted the whole thing and voila!!! My computer is back to normal. I will buy the Kaspersky full version soon. This is the only virus scan that detected the virus that's been disabling the tm, fo and regedit. ;)

    can I ask what you can recommend for viruses and malware that are coming from flash drives???

    Thank you.
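
An offline check for the symptoms described in the post above, as an added example that is not part of the thread: it reads `reg export` text and reports the policy values that disable Task Manager, Registry Editor and Folder Options, plus any value that references auto.vbs, with a proposed cleaned form that removes only that entry. The sample export is constructed, and the key locations in it are assumptions, since the thread does not say which values were involved.

```python
import re

# Policy values that switch off the three tools named in the thread.
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions"}
SCRIPT_NAME = "auto.vbs"  # file name taken from the post above

# Constructed sample in `reg export` text form; not taken from the poster's logs.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\auto.vbs"
"Shell"="Explorer.exe"
'''

LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def triage(export_text):
    """Return (lockouts, references) found in reg-export text."""
    lockouts, references, key = [], [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = LINE.match(line)
        if not m or key is None:
            continue
        name, data = m["name"], m["data"]
        if name in LOCKOUT_VALUES and data.startswith("dword:") and int(data[6:], 16) != 0:
            lockouts.append((key, name))
        elif SCRIPT_NAME in data.lower():
            value = data.strip('"').replace("\\\\", "\\")
            # Drop only the comma-separated entry naming the script; keep the rest.
            kept = [p for p in value.split(",") if SCRIPT_NAME not in p.lower()]
            references.append((key, name, value, ",".join(kept)))
    return lockouts, references

if __name__ == "__main__":
    locked, refs = triage(SAMPLE_EXPORT)
    for key, name in locked:
        print(f"lockout policy set: {key}\\{name}")
    for key, name, value, cleaned in refs:
        print(f"{key}\\{name}\n  current : {value}\n  proposed: {cleaned}")
```

The proposed value is for review only; the script changes nothing in the registry.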
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.....:)

    As for malware on flash drives, I would recommend not using them. However, you can use any of the AV's and AS software to scan the drives before you open anything in them. But you can assume that you will be infected as soon as you plug it in. :(
     
