I had this malware in my computer and avast couldn’t detect it. I don’t know if avast detects malware or is it just a plain antivirus program and picks up just viruses. I had this Kavo.exe and as far as I was concerned it is deemed dangerous from the sources on the internet.
KAVO.EXE is Troj/Lineag-AW. I couldn’t get rid of it even after formatting my C: as it resides in the registry.
What I am thinking is if someone could tell me … if avast isn’t designed for this kinda threat? Or is avast a trustworthy antivirus.
If someone could shed some light I’d be really grateful.
Please submit the file to virus@avast.com if it’s not recognised.
Put the file in a password-protected ZIP file and mention the password in your email.
Also submit the file to VirusTotal.com if you want to see which other AV’s do or don’t detect it. Bear in mind that no one AV will detect 100% of malware.
Your can remove the registry entry responsible for starting kavo.exe if you are confident editing the registry:
Oh, just that I have already cleaned up my computer using combofix and then ran a search in the registry for Kavo.exe and kavo0.dll after which i deleted the entry.
Sorry to say that I don’t know how to save a virus and send it across, but I just cleaned it up and deleted the registry. Also could you please explain how to send the virus? Of course I can send it through email attachment but while attaching it won’t it affect my computer? What I am trying to say is won’t it affect my computer again if I keep it in my drive and then try to send it via email?
Also I didn’t understand the “hijackthis”. How do I get this log?
Combofix usually saves files it removes in quarantine, if do you could add a copy to the avast chest and send the sample to avast.
Sample submission options.
Send the sample to virus@avast.com zipped and password protected with the password in email body and undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
A virus file is inactive unless something starts it- a registry entry at start-up or clicking on it. Sending the file by email will not start it.
HijackThis! is just a tool to examine registry entries and delete malicious ones: as you’ve deleted the registry entry already, no need to worry. The link I posted will explain how to use HijackThis! if you’re interested to know.
Thanks to all you people out there. I am sorry I wasn’t able to post earlier since something happened and I couldn’t to get online. There is just one more thing, when I cleaned up my hard drive using combo fix, it deleted the file called “autorun.inf” and after that when I insert a dvd or a Cd it would not start up automatically nor the pen drive. How can I make it to start up automatically again when I insert a pendrive or a Cd?
Deletion of the autorin.inf shouldn’t have any effect on the windows autostart function, the autorun.inf file is just a text file with instructions on what to run and you couldn’t remove it from a CD.
The pen drive is a different ball game, what is on it that you want to autorun ?
I am using windows xp OS. Earlier when I insert a CD, DVD or pen drive a box would pop up and show me options iif I want to “open folder to view files” or “print”, etc. Now nothing happens.
Generally, not.
You can use TweakUI for XP (from Microsoft) and configure the auto-run options.
There are other free tweakers that do the same. Also, if I’m not wrong, XP has an option to restore the default actions. Sorry, I’m on Vista now…
