Most frivolous Windows users will at some point have had their antivirus shouting “Alert! A virus was found” and then popping up windows that mention “kavo.exe”. kavo.exe is a smart trojan that installs an autorun.inf in your C:\, making sure it updates itself every time you connect to the internet. The bad news is that this can be quite irritating and painful, as most antivirus software fails to remove it. The good news is that a little bit of common sense can help!
So let's go ahead and get rid of the kavos and tavos on our own!
- First and foremost, check for an autorun.inf file in C:\. Open the file and check if it has references to kavo or tavo. Delete such a file.
- Delete all files in C:\ that have a “.com” extension.
- Go to C:\Windows\system32\
- Search for “kavo”; you will get results like kavo.exe, kavo.dll, kavo0.dll, kavo1.dll. Go ahead and delete kavo.dll and then kavo.exe. Then try to delete the other kavo dll files. If you get a message that the files are in use and cannot be deleted, restart your computer and try deleting them again. In this manner, delete all “kavo” files from system32.
- Search for “tavo” and repeat the procedure explained for kavo.
- Now all your bad files are gone and you just need to remove the registry entries.
- Hit Windows+R to open Run and type “regedit”. Browse to HKCU\Software\Microsoft\Windows\CurrentVersion\Run and delete the entries named kava and tava. Alternatively, download CCleaner and run the registry scan from it. This will show you all unwanted registry entries; kava and tava will also be listed, since we have removed the exes they relate to. Click on “Fix selected issues” and do not take a backup of the registry.
- Now delete all weirdly named files from C:\. Typically they would belong to the list below:
  - Autorun.inf
  - o.exe
  - nxvhpc.exe
  - ff1q0gw.bat
  - i8.com
  - e6ieg.exe
  - 6qe.com
  - cfv90h.com
  - ab.cmd
  - k2.cmd
  - h2.com
  - u.exe
  - fufb6tq3.cmd
  - ekf6dbg0.com
  - rtnlpipu.com
  - 1i.com
  - c18vk.exe
  - ntphyy.com
Your system is all clean now.
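To confirm the result, the locations named in the steps above can be listed with a read-only PowerShell script. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later and the C:\Windows install path used in the steps, and it deletes nothing.

```powershell
# Read-only triage of the locations named in the removal steps; nothing is deleted.
$pattern = 'kavo|tavo|kava|tava'          # names taken from the article
$exts    = '.com', '.exe', '.bat', '.cmd' # extensions seen in the article's file list

# 1. autorun.inf in C:\ (-Force so hidden or system files are included)
$autorun = Get-Item -LiteralPath 'C:\autorun.inf' -Force -ErrorAction SilentlyContinue
if ($autorun) {
    "autorun.inf found, last written $($autorun.LastWriteTime)"
    # open=, shellexecute= and shell\<verb>\command= are the keys that launch a program
    Get-Content -LiteralPath $autorun.FullName -Force |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' -or $_ -match $pattern } |
        ForEach-Object { "  autorun.inf line: $($_.Trim())" }
} else {
    'autorun.inf not present in C:\'
}

# 2. Executable-type files sitting directly in C:\
Get-ChildItem -LiteralPath 'C:\' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $exts -contains $_.Extension.ToLower() } |
    ForEach-Object { "root file: $($_.Name)  $($_.Length) bytes  $($_.LastWriteTime)" }

# 3. kavo*/tavo* files in system32
Get-ChildItem -LiteralPath 'C:\Windows\System32' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^(kavo|tavo)' } |
    ForEach-Object { "system32 file: $($_.Name)  $($_.LastWriteTime)" }

# 4. Per-user Run key values whose name or data mentions the same names
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        Where-Object { "$($_.Name) $($_.Value)" -match $pattern } |
        ForEach-Object { "Run value: $($_.Name) = $($_.Value)" }
}
```

Every line printed under sections 2 to 4 is something to review against the steps above; no output there means nothing matched.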