
Infected With Ckvo0.dll


3 replies to this topic

#1 Alexandros.Inc


Posted 23 July 2008 - 06:36 PM

Hi everybody

I had two computers infected with ckvo0.exe, ckvo1dll.....

And also I found that this malware was associated with the autorun.inf file.

I read in another post the solution and it helped me a lot.

http://www.bleepingcomputer.com/forums/t/157197/infected-with-a-virus-named-autoruninf/

But it only helped me to clean my laptop, because it is Windows XP with Service Pack 2.

Now I tried the same with my PC, but my PC system is

Windows XP with Service Pack 3!!!

I don't know what I can do now! How could I run the ComboFix software using Service Pack 3!!??

I did the scans with the Malwarebytes' Anti-Malware software and I also used the FlashDisinfector.

But I'm not sure if I need to run the ComboFix software. When I ran it on my laptop I found more malware that ComboFix deleted; they were these programs:

C:\Autorun.inf
C:\WINDOWS\a.exe
D:\Autorun.inf

My Malwarebytes' Anti-Malware log is:

Malwarebytes' Anti-Malware 1.22
Versión de la Base de Datos: 984
Windows 5.1.2600 Service Pack 3

05:30:59 p.m. 23/07/2008
mbam-log-7-23-2008 (17-30-59).txt

Tipo de examen : Examen Rápido
Objetos examinados: 57565
Tiempo transcurrido: 13 minute(s), 18 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 4
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 0
Ficheros Infectados: 2

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\TypeLib\{ce7c3ce2-4b15-11d1-abed-709549c10000} (Worm.OnlineG) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ce7c3cef-4b15-11d1-abed-709549c10000} (Worm.OnlineG) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.OnlineG) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.OnlineG) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\RECYCLER\S-1-5-21-484763869-1637723038-839522115-1003\Dc10\Key Generator.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieso0.dll (Worm.OnlineG) -> Quarantined and deleted successfully.



Thank you, I hope you can help me with this.



#2 Orange Blossom


Posted 23 July 2008 - 08:40 PM

Hello Alexandros.Inc and welcome to BC

I have moved your post from the HiJack This forum to the Am I Infected forum as it did not contain the DSS log. First some warnings based on what you have written above.

"I read in another post the solution and it helped me a lot."

Everyone's computer is different, with a different arrangement of software. Malware removal instructions, particularly in the HiJack This forum, are tailored for a specific person's computer and that specific infection. Someone following those directions on a computer those directions weren't intended for can cause serious problems with that computer.

"How could I run the ComboFix software using Service Pack 3!!??"

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please let us know what other security programs you have installed besides Malwarebytes.

"ckvo0.exe, ckvo1dll"

How did you determine the presence of these?

"And also I found that this malware was associated with the autorun.inf file."

How did you discover this?

Orange Blossom

#3 Todaro


Posted 10 August 2008 - 08:01 PM

Hi folks,

I'm interested in this thread too.

A friend of mine got this ckvo0.dll on her computer too. She runs Win XP Pro SP3 with Avast antivirus.

I've googled a lot before deciding to post here. I haven't been able to find conclusive information about how to remove that thing.

I tell Avast to remove the infected file but it reappears on every new boot.

Could anyone give me a tip please?

Thanks!

#4 mergen


Posted 07 September 2008 - 12:33 AM

Alexandros and Todaro,

I am experiencing the same problem. I have Windows Service Pack 3. And, I have installed Spybot with TeaTimer (protects registry) and Online Armor for firewall along with Avast for antivirus. Although I have run Avast in boot-time and one item that was found was deleted, on every other Windows start, TeaTimer does not load. On the other times when everything loads fine, I get an Avast warning message about AVKO0.dll.

Thanks to the registry protection, I don't think AVKO has been able to do much damage on my PC. Still, I cannot remove the darn thing. What do I need to do?

Please advise. Thank you.
MC



