Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Kavos virus on Sony Vaio

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Kavos virus on Sony Vaio

Unread postby tdml694 » October 2nd, 2009, 8:43 am

Archive link to previous thread

viewtopic.php?f=12&t=45897

Followed direction from last response on the now archived topic. Removed CA Yahoo! Anti-Spy and also ran Norton removal tool successfully. Downloaded MGADiag.exe and here is the report log.

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-XC4Q9-W7RTD-7Q8G6
Windows Product Key Hash: Py7sqDcPBx6etfYqog5bPl/YZ9E=
Windows Product ID: 55274-OEM-2211906-00826
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.med
ID: {A8AD5648-5833-425E-BF1F-7C3464A2ACA8}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.36.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings:
User Agent:
Default Browser: D:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[hr = 0x80070714]
File Mismatch: C:\WINDOWS\system32\oembios.dat[hr = 0x80070714]
File Mismatch: C:\WINDOWS\system32\oembios.sig[hr = 0x80070714]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A8AD5648-5833-425E-BF1F-7C3464A2ACA8}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.3.0.med</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7Q8G6</PKey><PID>55274-OEM-2211906-00826</PID><PIDType>2</PIDType><SID>S-1-5-21-38917306-2780468815-807143145</SID><SYSTEM><Manufacturer>Sony Corporation</Manufacturer><Model>PCV-RZ49(UC)</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>2002 </Version><SMBIOSVersion major="2" minor="3"/><Date>20030919000000.000000+000</Date><SLPBIOS>Sony Corporation,Sony Corporation</SLPBIOS></BIOS><HWID>E1AF3D6F01846072</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Sony Electronics Inc.</name><model>UCV096CEUM</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.18.5"/><File Name="WgaLogon.dll" Version="1.7.18.5"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 172F2:GENUINE C&C INC|1DFC0:Sony Corporation|1DFC0:Sony Corporation ITCNC
Marker string from OEMBIOS.DAT: Sony Corporation,Sony Corporation

OEM Activation 2.0 Data-->
N/A

Downloaded StartupLite per recommendation and then reset SP3 Firewall per directions.

I then opened OTL, copied the lines from the codebox and pasted them in the Custom Scans/Fixes box. I then clicked on Run Fix button and let the program run. I had to click ok several times to acknowledge that system files could not be deleted. Scan took quite a while to "empty temporary files". The program then rebooted the machine and when it came back up all the icons on the desktop were gone except IE Explorer, OTL and Recycle Bin. I clicked on the Start Button and rolled mouse over All Programs and the only thing that appeared is the Startup Folder. I checked the C & D drives and all the programs appear to be there but I have nothing in the My Documents folder now and I still can't open the Recycle Bin.

I then downloaded Malwarebytes Anti-Malware to my desktop. When I tried to install and run the software I got the following error message:

Error creating registry key
HKEY_CURRENT_USER/SORTWARE/MALWAREBYTES'ANTI-MALWARE
Reg Create Key Ex failed; code 5
Access is denied.

* I get a similar error message when attempting to re-install my HP All-in-One printer software.
tdml694
Active Member
 
Posts: 11
Joined: September 16th, 2009, 10:41 pm
Advertisement
Register to Remove

Re: Kavos virus on Sony Vaio

Unread postby NonSuch » October 5th, 2009, 7:34 pm

HijackThis log is here:

viewtopic.php?f=11&t=46325

This topic is now closed. Please wait for assistance in the above linked topic. Do not start additional topics.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 295 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware