Kamsoft CKVO.exe malware manual removal instructions

Post  AnishR on Sat Nov 01, 2008 5:50 pm

Description: Troj/Gamania-BW
Name: Kamsoft
Command: C:\windows\system32\ckvo.exe

1. This malware creates the following entries in the registry so that it executes whenever Windows starts

2. Attacks all drives and modifies the mount points key in the registry so that when you double-click on drives they open in a new window instead of opening in the same window

3. Resets the hidden files attributes.

4. Files associated with this malware that are hidden as system files in all partitions including C:\

5. Files found in C:\windows\system32

Removal instructions:

1. Start the computer in safe mode by pressing F8 during booting

2. Open Registry Editor
Find entries for ckvo and kamsoft and delete all the entries.

Delete all the keys starting with {........}
In the above key delete {05ef6149-5e60-11dd-8a88-0003254ecf1b}

3. Open the command prompt
Clear attributes from the virus files
Go to C:\>
Type attrib so you can see the hidden files in the root drive
To clear the attributes of the malware files, type (I have already mentioned the list of files)
attrib -s -h -r filename
Example: C:\>attrib -s -h -r autorun.inf
D:\>attrib -s -h -r autorun.inf
Repeat the above command for all files of the malware

To delete the virus files, type
del filename
Example: C:\> del autorun.inf
D:\> del autorun.inf
Repeat the above command for all files of the malware
Look for the files of the malware in all other partitions and delete them.

Go to c:\windows\system32>

Type attrib -s -h -r ckvo.exe
attrib -s -h -r ckvo.dll
attrib -s -h -r ckvo0.dll
attrib -s -h -r ckvo1.dll
del ckvo.exe
del ckvo0.dll
del ckvo1.dll

Note: Some files in system32 may not delete; in that case, log off once and log on again to delete any files associated with this malware

4. Now open Registry Editor
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL
Change the DWORD value of Checked Value from 0 to 1.
Now go to folder options and change the hidden file attributes and show system files options. You should be able to see all hidden files.

5. Finally, turn off System Restore and turn it on again so the previous restore points will be deleted
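
A read-only check to run after the cleanup, added here as an example and not part of the original post: it reports any autorun.inf left in a drive root, any ckvo* file in system32, the SHOWALL setting from step 4, and autostart values that mention ckvo or kamsoft. The post does not name the autostart keys, so the two standard Run keys below are an assumption; CheckedValue (no space) is the value name as Windows stores it.

```powershell
# Reports leftovers only; nothing is deleted or changed.
# File names and the SHOWALL key come from the post. The Run keys are an assumption.
$findings = @()

# 1. autorun.inf in the root of every drive (-Force includes hidden/system files).
#    Optical media often carry a legitimate autorun.inf, so review before deleting.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $path = Join-Path $drive.Root 'autorun.inf'
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{ Check = 'Drive root'; Item = $item.FullName; Detail = "$($item.Attributes)" }
    }
}

# 2. ckvo.exe, ckvo.dll, ckvo0.dll, ckvo1.dll (anything named ckvo*) in system32.
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($file in Get-ChildItem -LiteralPath $sys32 -Filter 'ckvo*' -Force -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Check = 'system32'; Item = $file.FullName; Detail = "$($file.Attributes)" }
}

# 3. The folder-options switch from step 4: it should read 1 after the repair.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -LiteralPath $showAll -ErrorAction SilentlyContinue).CheckedValue
if ($checked -ne 1) {
    $findings += [pscustomobject]@{ Check = 'SHOWALL'; Item = $showAll; Detail = "CheckedValue = $checked" }
}

# 4. Autostart values whose name or data mentions ckvo or kamsoft (assumed keys).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        if ("$($p.Name) $($p.Value)" -match 'ckvo|kamsoft') {
            $findings += [pscustomobject]@{ Check = 'Run key'; Item = "$key\$($p.Name)"; Detail = "$($p.Value)" }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No leftovers found.' }
```

An empty result covers only the locations checked here; other partitions and registry locations still need the manual search described in the post.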


This solution works

Post  Roshan on Tue Nov 11, 2008 1:55 pm

Hey Anish,

I was experiencing the same problem of being unable to see the hidden files and followed the steps mentioned by you, which have successfully corrected the problem.

Thanks a ton



