kva8wr.exe removal
• Symantec: W32.SillyFDC
• Sophos: Mal/Generic-A
• Panda: W32/Lineage.KYR
• Avira: TR/Drop.Agent.agla
• Eset: Win32/PSW.OnLineGames.NNU
This virus was first seen in the February of 2009 and was very recently updated where it even performs activities resembling the working of a Trojan. The virus supports every Windows operating system from Windows 2000 to Windows XP. Luckily, its code cannot be executed in advanced versions of Windows like the Vista or Windows 7 (beta). It injects itself into the system processes such as the explorer.exe or Winlogon.exe, thus executing itself at every system start-up. It creates a list of dlls and might delete several crucial system files with the .sys extension such as cdaudio.sys (CD-ROM audio filter driver). Such files are run in the Services.exe process and belong to the Microsoft Windows Operating system. Deleting them could make the system difficult to run like usual.
The virus generally spreads by adding an autorun.inf and a copy of itself in every removable storage device that is inserted into the system. It also adds a registry key in order to run at every start-up. Just to be sure of this, it also adds a few more registry entries to load its service after every reboot. The virus modifies the Explorer.exe settings such that the "hide files and folders" option doesn't work and even the "superhidden" key is changed in order to hide its .sys files from the User. If not deleted early, the virus might even connect to one or more https from where several malicious files are being downloaded. Now let us take a look at how this threat can be removed.
Manual instructions to remove kva8wr.exe:
Posts that might help you here:
Enabling registry, Enable Safe mode booting, Enabling Command Prompt, Enable hidden files and folders option.
• Sophos: Mal/Generic-A
• Panda: W32/Lineage.KYR
• Avira: TR/Drop.Agent.agla
• Eset: Win32/PSW.OnLineGames.NNU
This virus was first seen in the February of 2009 and was very recently updated where it even performs activities resembling the working of a Trojan. The virus supports every Windows operating system from Windows 2000 to Windows XP. Luckily, its code cannot be executed in advanced versions of Windows like the Vista or Windows 7 (beta). It injects itself into the system processes such as the explorer.exe or Winlogon.exe, thus executing itself at every system start-up. It creates a list of dlls and might delete several crucial system files with the .sys extension such as cdaudio.sys (CD-ROM audio filter driver). Such files are run in the Services.exe process and belong to the Microsoft Windows Operating system. Deleting them could make the system difficult to run like usual.
The virus generally spreads by adding an autorun.inf and a copy of itself in every removable storage device that is inserted into the system. It also adds a registry key in order to run at every start-up. Just to be sure of this, it also adds a few more registry entries to load its service after every reboot. The virus modifies the Explorer.exe settings such that the "hide files and folders" option doesn't work and even the "superhidden" key is changed in order to hide its .sys files from the User. If not deleted early, the virus might even connect to one or more https from where several malicious files are being downloaded. Now let us take a look at how this threat can be removed.
Manual instructions to remove kva8wr.exe:
- Lets begin with repairing the damage done to the registry. In order to do this, reboot your system in the Safe mode. Go to Start --> Run and type "regedit" to open the registry editing tools. Once you're there, navigate to the following registry keys and delete them
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
Look for the key "kvasoft" having the content "%SYSDIR%\kva8wr.exe" on your right and delete it.[HKEY_LOCAL_MACHINE\SOFTWARE\System\CurrentControlSet\Services\KAVsys]
Delete the whole entry since it is useless and filled with the paths to .sys files related to this virus. - Just before you close your registry, search for the file "kva8wr.exe" and "klif.sys" using the find box. If you find any entries consisting of any of these names, just remove their paths from the key.
- As said before, the virus edits the registry in order to hide the files and folders option. Click here to know how to enable it back. Reboot your system once you're done with the registry.
- Now finally it is time to get rid of the virus completely. You might want to use the Command Prompt for this. To get the Command Prompt, go to Start-->Run and type "cmd". When it is opened, type the following exactly as it is. Don't forget to press Enter after every command.
- attrib -r -a -s -h C:\WINDOWS\System\kva8wr.exe
- del C:\WINDOWS\System\kva8wr.exe
- attrib -r -a -s -h C:\WINDOWS\System\drivers\klif.sys
- del C:\WINDOWS\System\\drivers\klif.sys
- attrib -r -a -s -h C:\WINDOWS\System\ahnsbsb.exe
- del C:\WINDOWS\System\ahnsbsb.exe
- Unregister the following dlls (click here to know the process)
C:\WINDOWS\System\bgotrtu0.dll
C:\WINDOWS\System\uweyiwe0.dll
C:\WINDOWS\System\ahnfgss0.dll
C:\WINDOWS\System\ahnxsds0.dll - Now sit back and relax. You're free from the virus.
Posts that might help you here:
Enabling registry, Enable Safe mode booting, Enabling Command Prompt, Enable hidden files and folders option.