Topic: kxvo.exe

[washburn214]

guys need help.. anyone familiar with process called kxvo.exe? is this a virus or what?.. i found it in my startup program.. it is located in C:\windows\system32\kxvo.exe ...when i deleted it,, bumabalik parin xa when i restart my computer.. d ko rin makita xa folder nya (C:\windows\system32\kxvo.exe).. and sometimes my lumalabas na message sa pagkatapos na load ng mga startup program ko( msg nasa sa baba)... d ko po alam kng san ko po nakuha.. waa naman akong pina plug,in na mga flash disk.. and i didnt know when did this happen...can anyone help me what can i do with this?? Windows Xp Sp2 po pla OS ko at d rin po na detect ng eset(AV) ko..

maraming salamat..



Eto pla ung HijackThis result ko:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:13 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\wuauclt.exe
F:\Application\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
--------------------------------------------------------------------------------
 O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
-------------------------------------------------------------------------------
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 4057 bytes

[yayel]

ummm...baka makatulong tong sakin men i pormat mo n lng yung pc mo sa system malamang ang problema n yan kc nag kakaganyan din ang sakin...try mo lng wala nmn atang mawawala basta yung mga mahala isalin mo n lng muna...

[coated_pill]

try this procedure:


- Open Task Manager and in Processes tab end explorer.exe and wscript.exe process

- Open up File –> New Task (Run) in the Task manager

- Type cmd and hit Enter

Type
del /a:h /f c:\autorun.*

if you have multiple drive/partition, repeat this step to all drive/partition, make replacing “C:” with the appropriate drive letter.

- Go to your Windows\System32 directory by typing cd c:\windows\system32

Type dir /a:h /f hbq*.*

- If you see any files named hbq0.dll or hbq0.exe or hbo.exe, use the     

Del /a:h /f avp*.exe
Del /a:h /f avp*.dll

to delete.

- Open up File –> New Task (Run) in the Task manager, Type regedit

- Navigate to:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

If there are any entries for kxvo.exe, delete them. Also delete all suspicious items

- Do a complete search of your registry for ntdelect.com or hbq.exe or kxvo.exe and delete any entries you find.

- To Restore Folder Options (“Show hidden files & folders”) Settings, Navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
          Explorer\Advanced\Folder\Hidden\SHOWALL

- Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t,  delete the key. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1. The “Show hidden files & folders” check box should now work normally.

[bodieph]

 O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe

put a check mark in hijackthis on that entry then click fix checked

then delete the file kxvo.exe

after that, just to do some check, go to run and enter kxvo.exe (see what happens). after that, type cmd in run also

then navigate to root directory (CD\)
then type dir /ah

get a screenshot of what it shows (might be needed later)

restart your pc, see if the problem persists

[yuki_JX]

Use other antivirus like sophos antivirus. Yun ang gamit ko ngayon kasi di na mganda AVG. Maganda kasi kung papalit-palit ka ng antivirus kasi ung ibang anti virus pagnagtaggal wa epek na. Kapag manomano ka magtanggal ng virus may may possible threat pa rin yan. May virus nag-ininstall ng other virus lalo na mga worm ngayon.

[washburn214]

ummm...baka makatulong tong sakin men i pormat mo n lng yung pc mo sa system malamang ang problema n yan kc nag kakaganyan din ang sakin...try mo lng wala nmn atang mawawala basta yung mga mahala isalin mo n lng muna...

tol ka reformat ko lang.. 

try this procedure:


- Open Task Manager and in Processes tab end explorer.exe and wscript.exe process

- Open up File –> New Task (Run) in the Task manager

- Type cmd and hit Enter

Type
del /a:h /f c:\autorun.*

if you have multiple drive/partition, repeat this step to all drive/partition, make replacing “C:” with the appropriate drive letter.

- Go to your Windows\System32 directory by typing cd c:\windows\system32

Type dir /a:h /f hbq*.*

- If you see any files named hbq0.dll or hbq0.exe or hbo.exe, use the     

Del /a:h /f avp*.exe
Del /a:h /f avp*.dll

to delete.

- Open up File –> New Task (Run) in the Task manager, Type regedit

- Navigate to:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

If there are any entries for kxvo.exe, delete them. Also delete all suspicious items

- Do a complete search of your registry for ntdelect.com or hbq.exe or kxvo.exe and delete any entries you find.

- To Restore Folder Options (“Show hidden files & folders”) Settings, Navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
          Explorer\Advanced\Folder\Hidden\SHOWALL

- Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t,  delete the key. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1. The “Show hidden files & folders” check box should now work normally.

Tol wala po nangyari.. ganun pa rin.. anjan pa rin ung kxvo.exe 

O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe

put a check mark in hijackthis on that entry then click fix checked

then delete the file kxvo.exe

after that, just to do some check, go to run and enter kxvo.exe (see what happens). after that, type cmd in run also

then navigate to root directory (CD\)
then type dir /ah

get a screenshot of what it shows (might be needed later)

restart your pc, see if the problem persists

na fix ko na po boss sa hijackThis tapos..wala na rin xa sa directory (c:\windows\system32).. pag run ko wala naman nangyari..at pagrestart ko ganun pa rin my lumabas pa rin na message (kxvo.exe application error- pareho sa taas).. eto po ung hijackthis result ulit.. jan pa rin xa..

[bodieph]

ok so the registry entry came back

do this, put a check mark on it again, then before you click fix checked, close all open windows (i.e. firefox, my computer, etc etc). click fix checked

restart your pc, see if it still comes back. if it still does, remember the one I told to get a screenshot of earlier? post the screenshot

[washburn214]

Guys Salamat sa Lahat ng tulong nyo.. my problem is solve..(without reformatting..  ).. gusto ko lng xa talaga ma solve.. I actually found a site about my problem..but thanks anyway!! 

sir bodieph  thank you

[kimdracula]

POST THE WEBSITE PLEASE

[coated_pill]

Guys Salamat sa Lahat ng tulong nyo.. my problem is solve..(without reformatting..  ).. gusto ko lng xa talaga ma solve.. I actually found a site about my problem..but thanks anyway!! 

sir bodieph  thank you

Uu nga naman post mo ung site where you actually find the solution so anybody here in Espiya would know how to get along with this problem (specific problem)

It's better to share it ^_^

[washburn214]

sori d ko na maaalala... pinag download lng ako ng combofix..easy lng naman ung instruction.. parang hijackThis lng ang style... then automatic na xa mag fix... 

[xeroxboy]

helo mga bro i also been hit by this. I dont know if it is a virus of spyware..pareho lng tayo delete ko sa starup bumabalik lng after reboot..pano ko to ma delete completely..Pls help sa mga computer experts dyan.By the way im using ESET AV v3.0.642..fully updated naman cya..scan ko na hard drive ko pati folders sa windows n system32..

[washburn214]

helo mga bro i also been hit by this. I dont know if it is a virus of spyware..pareho lng tayo delete ko sa starup bumabalik lng after reboot..pano ko to ma delete completely..Pls help sa mga computer experts dyan.By the way im using ESET AV v3.0.642..fully updated naman cya..scan ko na hard drive ko pati folders sa windows n system32..

tol try mong basahin to baka mkatulong sayo.. ito nga pala yung process na sinunod ko ng pag alis ng kxvo.exe

[xeroxboy]

Thnx pareng washburn 214.already solve the problem..Found out that my external hard drive is infeceted with vb script with autorun..i deleted it manually.hinde kasi ma delete ng NOD32 ko.na di detect nya lng but un able to clean daw.embeded sya sa protected files ng OS.so every time mg startup dinidelete ng NOD32 ung file sa system 32 kaya wala sya sa dun every time ko sinisearch..ung na delete ko na wala na rin sa startup entries..

[chong]

try ccleaner, download nyo sa filehippo.com.

[kikomantot]

Ah, this is the kavo virus, nainfect din ako nito, pero this can be easily removed. try using kavo killer. google niyo lang, tangal agad yan. just follow the procedures.

[xmeringhoy]

HIJACK NYO LNG BRO...OR PUNTA K SA RUN THEN TYPE --->MSCONFIG----> STARTUP UNCHECK MO UN KXVO.EXE DEN APPLY DEN RESTART MO LNG...GAMIT K DEN NG CCLEANER..

[MANI-AL]

try this fix  send me email ill send you the kxvofix..

its a scriipt file i hpoe it works

[azaznin]

download nood leers anti virus program.. tpos scan mo pc mo.. tpos lagyan mo n din ng deepfreeze pra tapos

[critchfield99]

search sa google kxvo killer... daming steps kung paano kill sa trojan