The kavo malware is a nightmare for many computer users. Even worse, its varieties are booming every day. The automatic removal tools are updated regularly.
In order to remove these malwares, three tools are strongly recommended. They are autoruns, process explorer, and unlocker. These three handy tools will help you to remove these malwares. The following steps are based on these three tools. If you do not have these tools, the solution would be different.
- Installed autoruns, process explorer, and unlocker in your system.
- Restart your system in safe mode (by press F8 during computer booting.)
- Run autoruns.
- Checked autoruns' startup sections.
- Open a command prompt window by running cmd from run.
- Change working folder to the suspected file folder.
- By using "dir /as/ah/od" to show all hidden files.
- By using "attrib –r –h –s filename" to show up the hidden file.
- Remove the file in iv.
- Repeat iv to v till all suspected files are removed.
- Remove entry from startup section.
- Open a command prompt window by running cmd from run.
- In the same command prompt window, doing the following steps.
- Change working folder to c:\.
- Type "attrib –r –h –s autorun.inf".
- Type "type autorun.inf".
- Remove any executable files that show in autorun.inf. In general, these files are hidden files. Therefore, you have to change their file attributes to normal (attrib –r –h –s filename).
- Remove autorun.inf from system.
- Type "mkdir autorun.inf".
- Change your working folder to next drive, such as d:\.
- Repeat ii to vii until all drives have the same procedures.
- Change working folder to c:\.
- Checked autoruns' explorer hook DLLs section.
- Open suspected file's folder.
- Move mouse on the suspected file and right click mouse button.
- Choice unlocker to unlock the suspected file. It may take several times to unlock it.
- Delete this suspected file from system.
- Open suspected file's folder.
Done!
No comments:
Post a Comment