same trojan over and over

  • Thread starter Thread starter Mari
  • Start date Start date
M

Mari

HELP! Nearly every day I keep getting the same trojan:
trojan.downloader.kavSvc or whatever. Why is the real
time protection not blocking this? What do I have to do
to stop getting it?

Thanks.
 
Hello Mary

Have you submitted a tools, suspected spyware report--
detailing what happens on your system?

That's one way to get direct feedback to the product team
that this detection/cleaning isn't working.

1) update both Microsoft Antispyware and your antivirus
application.
2) restart in safe mode by pressing the F8 function key
before the first Windows screen appears at startup.
3) do full deep scans with Microsoft Antispyware. Repeat
scanning until a complete scan comes through clean. Ditto
with the antivirus.

This isn't guaranteed, but it works for a great many items
that at first appear not to be cleaned in normal mode.


Threat: TROJAN.DOWNLOADER.KAVSVC

Alias: NULL

Threat type: Trojan - A Trojan software is any software on
a user's computer that the user is not aware or
intentionally installed. Most Trojan software is designed
to perform some sort of actions that could jeopardize the
user's security or privacy.

Advice: Remove This is a very high risk threat and should
be removed immediately as to prevent harm to your computer
or your privacy.

Threat risk: High Risk
High risk threats typically are remotely exploitable
vulnerabilities, which can lead to system compromise.
Successful exploitation does not normally require any
interaction. May open up communication ports, use
polymorphic tactics, stealth installations, and/or anti-
spy counter measures. May us a security flaw in the
operating system to gain access to your computer.

Description:

Author: NULL

Author URL:

Author description:

TROJAN.DOWNLOADER.KAVSVC Signature Details: The following
information includes some of the standard signatures*
associated with this spyware threat. Please do not attempt
to manually remove these items from your computer;
Removing these items incorrectly or partially can cause
your computer to experience critical errors, prevent your
computer from restarting or cause loss of Internet
connectivity. Should you be infected with
TROJAN.DOWNLOADER.KAVSVC, you can clean your machine of
this spyware threat for free by downloading CounterSpy now.

Running Process Signatures:
process: f1558046.exe: MD5 Hash: ea6470ff613104c6078...
process: f1557734.exe: MD5 Hash: 5f9e0b2e2cce98f4260...
process: kpkrur.exe: MD5 Hash: d1fa8377c32c5263688...
process: cmcbqbc.exe: MD5 Hash: 35eda9c9fd2857e7918...
process: cmcbqbc.exe: MD5 Hash: 1f5c0501f5661f3f998...
process: didn.exe: MD5 Hash: 22c994b743322e5fb4e...
process: tp7543.exe: MD5 Hash: 0be5c938be527835970...

Good luck

Engel
20050726 20:59
 
This is a difficult one,If its what I think it is then
there is alot of hidden files involved which change their
name when you delete them.You probably never really
delete it if your in normal mode but it just changes the
name of the files, Real Time protection isnt designed for
Trojans although it does block a few, now you have it on
your system the real time protection cannot help you.

The genuine Kavsvc relates to Kaspersky Antivirus but its
clear we are not talking about that, It's more likely to
be the Narrator infection.Also because this uses random
names that change it also makes finding the solution
harder because each system has different file names
involved.

You need expert advise on this and using 'Hijack this'
will show most of the bad files and then you can use
other tools to show the hidden files then remove them all
at the same time,The fixes will still need to be run in
safe mode so your best starting with Ewido,MSAS and
Ccleaner then move onto Hijack This if it doesnt remove
it for you,

You can then post your Hijack log over at
SpywareInfo/Greyknight17 or TomCoyoyte and receive help
in removing this.

Also Kevin (Greyknight17) has abit of info on Narrator
but do not follow the advise unless you feel confident as
it involves random files so you really need assistance on
this from experts in a forum enviroment but the guide is
good to let you see whats involved

http://www.greyknight17.com/spy/Tutorials/KavSvc.htm

If you need help with anything just let me know and I
will assist if I can

Regards

Andy
 
Back
Top