Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

 
 Closed TopicStart new topic
> [Resolved] ckvo.exe and tons of trojans are back, Can't explo, malware came back even after full scan and reformat of PC
knix
post Jul 23 2008, 06:50 AM
Post #1


New Member
*

Group: New Member
Posts: 2
Joined: 23-July 08
Member No.: 80,448
Operating System: Windows XP
Hi. My PC got infected with trojans and other malware. I install Kaspersky AV and it disinfected all (maybe) of them. But each time I double-click any local drive to explore its content, a trojan is detected by the AV - ckvo.exe. Other common malware has the following names:

Trojan.Win32.Vaklik.cdj
Trojan-PSW.Win32.OnLineGames.rxtk
Trojan-GameThief.Win32.OnLineGames.sitj

I backed up my C: files in D: then reformatted my PC. When I reinstall the AV, it detected again the same kind of trojans. Why so? I thought they all have been removed. After another full scan, AV says my PC is protected. BUT when I open My Computer to explore any of 2 local drives, a box appears asking me to choose which program I should choose to open the file. Why is it so? C: and D: drives are not files?! I don't know how did that happen. I have a feeling that these nasties are detected and disinfected but not the root of it all. If you need log file, kindly give details on how to get it.

Below is the report of Kaspersky antivirus:
CODE
Full Scan: completed 7/23/2008 8:18:27 PM   (events: 4, objects: 276365, time: 1:07:33 AM)    
7/23/2008 8:18:28 PM    Task completed            
7/23/2008 8:17:31 PM    Detected: http://www.viruslist.com/en/advisories/26027    D:\WINDOWS\system32\Macromed\Flash\flash.ocx        
7/23/2008 7:41:01 PM    Detected: http://www.viruslist.com/en/advisories/16653    D:\Documents and Settings\Francis\My Documents\Desktop files ver2\Pepsi USB\Symantec\LiveUpdate\LUALL.EXE        
7/23/2008 7:10:54 PM    Task started            
Full Scan: completed 7/23/2008 8:18:27 PM   (events: 4, objects: 276365, time: 1:07:33 AM)    
7/23/2008 6:37:11 PM    Task completed            
7/23/2008 6:36:53 PM    Detected: http://www.viruslist.com/en/advisories/26027    D:\WINDOWS\system32\Macromed\Flash\flash.ocx        
7/23/2008 6:35:02 PM    Detected: http://www.viruslist.com/en/advisories/16653    D:\Documents and Settings\Francis\My Documents\Desktop files ver2\Pepsi USB\Symantec\LiveUpdate\LUALL.EXE        
7/23/2008 6:27:10 PM    Task started            
Full Scan: completed 7/23/2008 8:18:27 PM   (events: 4, objects: 276365, time: 1:07:33 AM)    
7/23/2008 5:41:52 PM    Task completed            
7/23/2008 5:40:37 PM    Detected: http://www.viruslist.com/en/advisories/26027    D:\WINDOWS\system32\Macromed\Flash\flash.ocx        
7/23/2008 5:18:29 PM    Detected: http://www.viruslist.com/en/advisories/16653    D:\Documents and Settings\Francis\My Documents\Desktop files ver2\Pepsi USB\Symantec\LiveUpdate\LUALL.EXE        
7/23/2008 4:54:43 PM    Detected: http://www.viruslist.com/en/advisories/26027    C:\WINDOWS\system32\Macromed\Flash\flash.ocx        
7/23/2008 4:46:07 PM    Untreated: Trojan-GameThief.Win32.OnLineGames.sitj    C:\Documents and Settings\Francis\Local Settings\Temp\y7vnqv.dll    Postponed    
7/23/2008 4:46:07 PM    Detected: Trojan-GameThief.Win32.OnLineGames.sitj    C:\Documents and Settings\Francis\Local Settings\Temp\y7vnqv.dll        
7/23/2008 4:45:28 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047195.com    Postponed    
7/23/2008 4:45:28 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047195.com        
7/23/2008 4:45:28 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047179.com    Postponed    
7/23/2008 4:45:28 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047179.com        
7/23/2008 4:45:28 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047162.com    Postponed    
7/23/2008 4:45:28 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047162.com        
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047139.com    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047139.com        
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047123.com    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0047123.com        
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046123.com    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046123.com        
7/23/2008 4:45:27 PM    Untreated: Trojan-PSW.Win32.OnLineGames.rxtk    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046077.exe    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan-PSW.Win32.OnLineGames.rxtk    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046077.exe        
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046091.com    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046091.com        
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cba    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046076.exe    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cba    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046076.exe        
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046064.com    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046064.com        
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0045048.com    Postponed    
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046047.com    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0046047.com        
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0045048.com        
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044797.com    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044797.com        
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044760.com    Postponed    
7/23/2008 4:45:27 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044727.com    Postponed    
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044760.com        
7/23/2008 4:45:27 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{64E1CE7A-55EE-4D88-8C86-F7CC433F0B1D}\RP86\A0044727.com        
7/23/2008 4:45:26 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000362.com    Postponed    
7/23/2008 4:45:26 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000362.com        
7/23/2008 4:45:26 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000283.com    Postponed    
7/23/2008 4:45:26 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000283.com        
7/23/2008 4:45:26 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP7\A0000257.com    Postponed    
7/23/2008 4:45:26 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP7\A0000257.com        
7/23/2008 4:45:26 PM    Untreated: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP6\A0000197.com    Postponed    
7/23/2008 4:45:26 PM    Detected: Trojan.Win32.Vaklik.cdj    D:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP6\A0000197.com        
7/23/2008 4:43:04 PM    Untreated: Trojan.Win32.Vaklik.cdj    C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000382.exe    Postponed    
7/23/2008 4:43:04 PM    Detected: Trojan.Win32.Vaklik.cdj    C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000382.exe        
7/23/2008 4:43:03 PM    Untreated: Trojan.Win32.Vaklik.cdj    C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000360.com    Postponed    
7/23/2008 4:43:03 PM    Detected: Trojan.Win32.Vaklik.cdj    C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000360.com        
7/23/2008 4:43:02 PM    Untreated: Trojan.Win32.Vaklik.cdj    C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000281.com    Postponed    
7/23/2008 4:43:02 PM    Detected: Trojan.Win32.Vaklik.cdj    C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP8\A0000281.com        
7/23/2008 4:43:00 PM    Untreated: Trojan.Win32.Vaklik.cdj    C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP7\A0000255.com    Postponed    
7/23/2008 4:43:00 PM    Detected: Trojan.Win32.Vaklik.cdj    C:\System Volume Information\_restore{406C8180-B7CD-4483-BE7F-7AA7411160DD}\RP7\A0000255.com        
7/23/2008 4:41:34 PM    Task started            
Full Scan: completed 7/23/2008 8:18:27 PM   (events: 4, objects: 276365, time: 1:07:33 AM)    
7/23/2008 4:39:02 PM    Task completed            
7/23/2008 4:38:43 PM    Deleted: Trojan.Win32.Vaklik.cdj    C:\WINDOWS\system32\ckvo.exe        
7/23/2008 4:38:43 PM    Disinfected: Trojan.Win32.Vaklik.cdj    HKEY_USERS\S-1-5-21-2025429265-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\kamsoft        
7/23/2008 4:38:42 PM    Detected: Trojan.Win32.Vaklik.cdj    C:\WINDOWS\system32\ckvo.exe        
7/23/2008 4:38:42 PM    Task started            
Full Scan: completed 7/23/2008 8:18:27 PM   (events: 4, objects: 276365, time: 1:07:33 AM)    
7/23/2008 4:34:00 PM    Task completed            
7/23/2008 4:32:53 PM    Task started

Please, please help. This is the worst I have encountered in battling malware so far. wall.gif
Thanks in advance and more power!

PS. Does this HiJackThis tool safe? Sorry if I don't have a hijackthis log. I didn't try it becase I got scared of the pinned WARNING thread about using tools without supervision.

This post has been edited by knix: Jul 23 2008, 11:47 AM
Go to the top of the page
 
+Quote Post
knix
post Jul 26 2008, 09:52 PM
Post #2


New Member
*

Group: New Member
Posts: 2
Joined: 23-July 08
Member No.: 80,448
Operating System: Windows XP
Problem solved.
Please close this thread.
Thank you.
Go to the top of the page
 
+Quote Post
Rorschach112
post Jul 27 2008, 05:26 AM
Post #3


SuperMember
*****

Group: Visiting Teacher
Posts: 2,131
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Go to the top of the page
 
+Quote Post
« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »
 

Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 23rd November 2008 - 09:23 AM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
Powered By IP.Board © 2008  IPS, Inc.