컴퓨터/Etc(기타)

kxvo.exe, ojbss9gv.com 바이러스, 악성코드 들...

아우쿠스 2012. 7. 2. 11:27

What is kxvo.exe?

Kxvo.exe is Trojan/Backdoor that spreads from partition, including removable drives. Once installed on PC system, this virus copies the infection file named “autorun.inf” periodically, which reverts automatically whenever PC startup even though being removed from a partition. Moreover, Kxvo.exe deletes other processes from disks and modifies Windows initialization and system configurations.

Do you have kxvo.exe?
If you have enough time and expertise, you can search your computer for kxvo.exe manually. However, it might take hours to find out all files of kxvo.exe, and it is possible that kxvo.exe will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for kxvo.exe
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual kxvo.exe removal instructions
WARNING: The manually removal method is for advanced users. kxvo.exe manually removal can be difficult and time-consuming. There is no guarantee that kxvo.exe can be completely removed, for there are hundreds of files generated when kxvo.exe installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below for kxvo.exe removal manually:

Navigate and stop the kxvo.exe processes:
kxvo.exe

Navigate and delete kxvo.exe files:
%System%\kxvo.exe
%Temp%\dwg3gngs.exe
%Temp%\kxvo.exe
%Temp%\new folder\ufjtre.exe
%Temp%\o2g.exe
%Temp%\ufjtre.exe
c:\0liyv.com
c:\1p1f1x.com
c:\32.com
c:\3g.com
c:\3hmhv2k.com
c:\63.com
c:\6qaiu.com
c:\9jjh.com
c:\al8u.com
c:\apj.com
c:\b.com
c:\bhbcdd29.exe
c:\cm.com
c:\cunuqem1.com
c:\dwg3gngs.exe
c:\e.com
c:\e2u.exe
c:\fksvjygh.exe
c:\gsjwyue.com
c:\h8txw.exe
c:\io.com
c:\no.com
c:\o2g.exe
c:\ojbss9gv.com
c:\p3.exe
c:\q3v.com
c:\qyq826j2.com
c:\rsbrj.exe
c:\tkvfd03.exe
c:\ufjtre.exe
c:\ut.com
c:\vl.com
c:\vyi.exe
c:\w1hva13.exe
c:\w2ngo.com
c:\wk.exe
c:\wpfdd.exe
c:\y0gcubk.exe

Navigate and remove kxvo.exe registry keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run kxva C:\WINDOWS\system32\kxvo.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutoRun [REG_DWORD, value: 00000091]

What are the symptoms of kxvo.exe?

  • kxvo.exe may create a new background service on the machine
  • kxvo.exe may load and execute a system driver file
  • kxvo.exe may delete other processes from disk
  • kxvo.exe may register a dynamic link library file
  • kxvo.exe may inject code into other processes
  • kxvo.exe may modify Windows initialization and system settings used on start up

How do I keep away from kxvo.exe
Once you have cleaned up kxvo.exe, the most important point to prevent kxvo.exe and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against kxvo.exe and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Trojan?

kxvo.exe is a type of Trojan.

Trojan is a general term for malicious program that sneaks into PC system without the user’s permission. Most Trojans exhibit some forms of hostile or malicious behaviors. They can contain a virus, a password grabber or they can be a RAT (Remote Access Trojan) that is designed to allow remote control over your system. Some Trojans contain built in scanners that automatically scan the Network from your computer, looking for another copies of themselves.

As told in the Aeneid by Virgil and mentioned in the Odyssey by Homer, the term Trojan comes from Greek mythology about the Trojan War. According to legend, the Greeks presented the citizens of Troy with a large wooden horse in which they had secretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city.

Nowadays, Trojan is flooding on the Internet, and a Trojan may be widely redistributed as part of a computer virus. Therefore, Trojan has been one of the leading causes of computer breakings.

 

뭐, 내용 자체는 타 사이트에서 퍼온 것이지만,

워낙에 귀찮은 바이러스라 기록해 두기로 했다.

 

삭제를 위해서는, 수동으로 해당 파일들을 검색해서, 찾아서 지워주어야 하는데,

지워주어야 하는 파일의 경로와 목록은

Navigate and delete kxvo.exe files <- 상기 영문들 중 해당 항목을 참조하면 된다.

-------------------------------------------------------------------------------------------

2013-10-23 내용 추가

시작메뉴의 실행 (또는 Winkey+R)을 눌러서, CMD 실행.

C:\User\xxxxx> 등으로 표기 되는 프롬프트가 나온다면,

C:\User\xxxxx> CD\ [Enter]

C:\> dir /ah /s kxvo.exe (또는 다른 파일명) [엔터]

 

해서 파일을 찾은 폴더에 찾아가서 해당 파일을 삭제하면 됨.

(상황에 따라서, /ah 를 안해도 되는 경우가 있고, /as 를 해야하는 경우도 있음.)