Author Topic: Pakes.KVV  (Read 407 times)

Offline Dichotomy

Pakes.KVV
« on: October 31, 2011, 09:29:23 PM »
anybody got any experience with this one? I don't get viruses but I have a friend that's in crisis and I may have to help him out.
JG11 - Dicho37Only The Proud Only The Strong AH Players who've passed on :salute

Offline gyrene81

Re: Pakes.KVV
« Reply #1 on: November 01, 2011, 07:35:48 AM »
wow, win32.pakes that's an ugly trojan, 100+ variations of it too. other than a full reload of the system you might be able to remove it the hard way, i.e. by hand. look for the process psc_mon.exe(?) that should be the resident process that starts it up. as old as it is, once you kill the resident process, you might be able to get rid of it with trend micro's free housecall applet...


it can be messy deleting everything affected...

systemroot+\system32\lmqfg.dll
iexplore0.dll

systemroot+\system32\lmqfg.dll
{b53082b8-b49c-4ba6-81ff-7c41da1cd87c}
auf0.exe
cfhxxd.exe
ffcfbbb.exe
iexplore.exe
iexplore0.dll
v1200351p.epe
systemroot+\system32\kaqwyy.exe
systemroot+\system32\lmqfg.dll
iexplore0.dll
iexplore.exe
systemroot+\system32\kaqwyy.exe
ffcfbbb.exe
cfhxxd.exe
auf0.exe

registry key:
hkey_local_machine\software\microsoft\windows\currentversion\
setup\{b53082b8-b49c-4ba6-81ff-7c41da1cd87c}
jarhed  
Build a man a fire and he'll be warm for a day...
Set a man on fire and he'll be warm for the rest of his life. - Terry Pratchett
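Added example, not code from the thread or from any of the posters: a read-only PowerShell triage script that looks for the process name, file names and registry key quoted in the reply above and records what it finds, so the machine can be assessed (and the findings kept) before anything is deleted. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt; the search roots, the treatment of iexplore.exe and the report path are my own choices, and the process name is marked uncertain because the post itself is unsure of it.

```powershell
# Added example, not from the thread: read-only triage for the indicators
# quoted in the reply above. Reports and records; it deletes nothing.
# Assumes Windows PowerShell 4.0+ (Get-FileHash) and an elevated prompt.

# File names listed in the post. iexplore.exe is handled separately because
# it is also the real Internet Explorer binary; only its location is telling.
$fileNames = @(
    'lmqfg.dll', 'iexplore0.dll', 'auf0.exe', 'cfhxxd.exe',
    'ffcfbbb.exe', 'v1200351p.epe', 'kaqwyy.exe'
)
$processName = 'psc_mon'   # the post is unsure of this name; a miss is inconclusive
$clsid  = '{b53082b8-b49c-4ba6-81ff-7c41da1cd87c}'
$regKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\$clsid"

# Where to look: System32 as named in the post, plus user profiles (my
# assumption; widen the list if the machine has other data partitions).
$roots  = @("$env:SystemRoot\System32", "$env:SystemDrive\Users")
$report = Join-Path $env:TEMP 'pakes-findings.csv'   # assumed output path

$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Type, [string]$Item, [string]$Detail) {
    [void]$findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
}

# 1. The resident process the post says starts everything else.
Get-Process -Name $processName -ErrorAction SilentlyContinue | ForEach-Object {
    $path = $_.Path
    if (-not $path) { $path = '<path unavailable>' }
    Add-Finding 'Process' "$($_.Name) (PID $($_.Id))" $path
}

# 2. Dropped files, matched by name and hashed so the sample can be checked later.
foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object {
            $n = $_.Name.ToLower()
            ($fileNames -contains $n) -or
            ($n -eq 'iexplore.exe' -and $_.DirectoryName -notlike '*\Internet Explorer')
        } |
        ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            Add-Finding 'File' $_.FullName "SHA256=$hash; Attributes=$($_.Attributes)"
        }
}

# 3. The Setup\{CLSID} key quoted in the post.
if (Test-Path -LiteralPath $regKey) {
    Add-Finding 'Registry' $regKey 'present'
}

if ($findings.Count -eq 0) {
    Write-Host 'None of the indicators from the post were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
    $findings | Export-Csv -LiteralPath $report -NoTypeInformation
    Write-Host "Findings saved to $report"
}
```

Run it before killing anything: the CSV gives you the paths, hashes and attributes of what was on the box, which is what you want in hand if the cleanup goes wrong and you end up reloading anyway. A clean result only means these particular names were not present; with 100+ variants, as the reply notes, a rescue-disc scan is still the safer check.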

Offline Dichotomy

Re: Pakes.KVV
« Reply #2 on: November 01, 2011, 08:34:31 AM »
Doesn't take a rocket scientist to figure out what he was doing when he got that.  *sigh* looks like I'm ripping and rebuilding a computer this weekend. 

Got any ideas on recovery of his data?  He says he can't see his drives. 
JG11 - Dicho37Only The Proud Only The Strong AH Players who've passed on :salute

Offline gyrene81

Re: Pakes.KVV
« Reply #3 on: November 01, 2011, 10:43:31 AM »
if he can't read his drives, something got loaded that took ownership and hid the drive(s).

you could try running this from a command prompt... attrib -h -s *.* /S /D

jarhed  
Build a man a fire and he'll be warm for a day...
Set a man on fire and he'll be warm for the rest of his life. - Terry Pratchett
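Added example, not code from the thread or from the poster: a scoped, dry-run-first PowerShell equivalent of the attrib command in the reply above. Run from a drive root, attrib -h -s *.* /S /D also strips the Hidden and System bits from files Windows marks that way on purpose (desktop.ini, ntuser.dat, the AppData tree and so on), so this version only touches the path you give it, skips those well-known entries, and lists what it would change unless you pass -Apply. The default target root, the skip list and the script name in the usage note are my assumptions.

```powershell
# Added example, not from the thread: a scoped, dry-run-first version of
# "attrib -h -s *.* /S /D". It only touches the path you give it, skips
# names that are hidden or system by design, and changes nothing unless
# run with -Apply. Assumption: the user's data lives under -TargetRoot.
param(
    [string]$TargetRoot = "$env:SystemDrive\Users",
    [switch]$Apply
)

$hs = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# Windows marks these hidden/system itself; clearing them gains nothing
# and makes the profile look odd afterwards.
$skipExact   = @('desktop.ini', 'thumbs.db', 'ntuser.ini', 'appdata', '$recycle.bin')
$skipPattern = 'ntuser.dat*'

$hits = New-Object System.Collections.ArrayList

Get-ChildItem -LiteralPath $TargetRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ([int]$_.Attributes -band $hs) -ne 0 } |
    Where-Object {
        $n = $_.Name.ToLower()
        ($skipExact -notcontains $n) -and
        ($n -notlike $skipPattern) -and
        ($_.FullName -notlike '*\AppData\*')
    } |
    ForEach-Object {
        [void]$hits.Add([pscustomobject]@{
            Path   = $_.FullName
            Before = $_.Attributes
        })
        if ($Apply) {
            # Clear only the Hidden and System bits; leave everything else as is.
            $_.Attributes = [IO.FileAttributes]([int]$_.Attributes -band (-bnot $hs))
        }
    }

if ($hits.Count -eq 0) {
    Write-Host "Nothing hidden/system under $TargetRoot apart from the usual system entries."
} elseif ($Apply) {
    Write-Host "Cleared Hidden/System on $($hits.Count) item(s) under $TargetRoot"
} else {
    $hits | Format-Table -AutoSize -Wrap
    Write-Host "$($hits.Count) item(s) would be changed. Re-run with -Apply to do it."
}
```

Saved as, say, Unhide-UserData.ps1 (my name for it), the first pass is `.\Unhide-UserData.ps1 -TargetRoot 'D:\'` to see the list, then the same command with `-Apply` once the list looks like the friend's documents rather than Windows' own files. Do the dry run from the rescue environment or Safe Mode, after the scan, so the resident process is not re-hiding things while you work.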

Offline Bizman

Re: Pakes.KVV
« Reply #4 on: November 01, 2011, 11:06:53 AM »
Once again, what I'd use to make saving files a little safer if not fixing the whole issue:

Download and burn the F-Secure Rescue CD. Boot from the CD; it starts a simple Linux distro. Update the program and run a full scan.

If Windows is bootable after the scan, download (on a memory stick with another machine) ComboFix from BleepingComputer and run it, preferably in Safe Mode with Networking.

If you feel like you could actually get the machine cleaned, follow with Malwarebytes' AntiMalware, followed by known-reliable online virus scanners and Super AntiSpyware, also available as a portable version. SAS also has some nice clickable tools to reset various settings.

Quote from: BaldEagl, applies to myself, too
I've got an older system by today's standards that still runs the game well by my standards.


Offline Dichotomy

Re: Pakes.KVV
« Reply #5 on: November 01, 2011, 02:08:07 PM »
Thanks gents I'll give it a shot then give him a stern lecture on safe internet browsing.   :bhead

So long as I can get his data off I'll reformat to be safe and probably put some additional protection on his machine. 
JG11 - Dicho37Only The Proud Only The Strong AH Players who've passed on :salute