Win32/psw.onlinegames.obj
Closed
khanjee
Posts
1
Registration date
Sunday June 15, 2008
Status
Member
Last seen
June 16, 2008
-
Jun 16, 2008 at 06:08 AM
s3riouss - Feb 6, 2009 at 05:05 AM
s3riouss - Feb 6, 2009 at 05:05 AM
Related:
- Tiktok_live_studio-v0.19.0-beta-win32-x64.exe
- TikTok LIVE Studio - Download - Video recording and streaming
- Windows10upgrade9252.exe is not a valid win32 - Guide
- Kmspico exe - Download - Other
- Psiphon3.exe - Download - VPN
- Windows 12 beta download - Guide
7 responses
OK so if you want to get rid of it you can not rely on any antivirus (yet).
I downloaded Total Commander, opened regedit (start->run->regedit->OK), click CTRL+ALT+DEL, in task mamager end the task named EXPLORER.EXE (your explorer will shut down, i.e. desktop, taskbar).
Now go into regedit under [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] delete the entries with kava,ckvo or similar.
Go to [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] set Hidden to 1.
Go to [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] and delete "NoDriveTypeAutoRun" = 145
Open your Total Commander. Go to Configuration->Options->Display. Enable Show hidden/system files.
Go to each of your drives with total Commander and delete the suspicious files(not folders). The names vary from system to system, so i opened my secondary partition(D:) first and the only files there were those infected so i deleted the same files on C:
Now you can open your windows explorer.
To further clean your PC go to C:\Windows\System32\. There delete the files named kavo or ckvo
I got a lot of the info from https://www.eset.com/?page_id=18601
but my nod antivir could do nothing aginst the virus..it kept coming back, maybe next ver.
Hope it helps
I downloaded Total Commander, opened regedit (start->run->regedit->OK), click CTRL+ALT+DEL, in task mamager end the task named EXPLORER.EXE (your explorer will shut down, i.e. desktop, taskbar).
Now go into regedit under [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] delete the entries with kava,ckvo or similar.
Go to [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] set Hidden to 1.
Go to [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] and delete "NoDriveTypeAutoRun" = 145
Open your Total Commander. Go to Configuration->Options->Display. Enable Show hidden/system files.
Go to each of your drives with total Commander and delete the suspicious files(not folders). The names vary from system to system, so i opened my secondary partition(D:) first and the only files there were those infected so i deleted the same files on C:
Now you can open your windows explorer.
To further clean your PC go to C:\Windows\System32\. There delete the files named kavo or ckvo
I got a lot of the info from https://www.eset.com/?page_id=18601
but my nod antivir could do nothing aginst the virus..it kept coming back, maybe next ver.
Hope it helps
Didn't find the answer you are looking for?
Ask a question
After u have done what frostyandy said, u must also turn off all the restore points & restart. the autorun files of the trojan remain saved in those restore points.
