Possible Kavos Trojan infection

[shad0wlawz]

I have a question about Kavos first....how does it infect your operating system?  I have read it spreads to every drive it possibly can then propagates from anywhere it can....I messed up recently and dl'd some pictures from a family members pc onto my thumb drive then didn't use the thumb drive until this evening when transferring over some drivers for a pc I am rebuilding.  I load all the drivers, get avast loaded, then start loading office from an image that is on an external hd.  Right before plugging in the external hd, I got an error from avast about an .exe that it didn't like, looked it up on google and found nothing on it.  So I proceeded with connecting the external hd and loading everything up on the freshly built pc.  Reboot and avast then wants to boot scan, it does and gets hung...I cold boot the pc then run a scan once it has booted into XP.  I find out it is infected with Win32: Kavos [Trjn].  I am not afraid to rebuild a pc with a fresh load of XP....I am afraid however that my external hd is infected with Kavos.  I have ran an avast scan on the external hd and it comes back clean.  Is there another product I should be using to scan for files that are lying in wait to infect?  Any help would be appreciated b/c I don't want to end up formatting this external, it has all my digital pics from the last 5 years on it.  I will if I have to but I would rather not if anyone knows if Kavos will propogate to a drive that received no data from another drive that was infected.  Help?

[CharleyO]

***

Welcome to the forums, shad0wlawz.  

Try a boot-time scan with avast making sure it scans all drives including the external drive. Move all related files to the chest.

http://www.avast.com/eng/win32-kavos.html

Also see this link for more information :

http://blog.avast.com/2009/10/15/kavo-a-neverending-story/#more-633


***

[shad0wlawz]

Well here is the issue.....now it has infected my personal pc but it is starting as a rootkit called v1cbvsmq.exe(Win32:Rootkit-gen [Rtk]).  Avast keeps throwing up alerts that malware is found and I keep moving it to the chest.  I can barely type this message b/c Avast is throwing up alarms so quickly.  I plugged my thumb drive in momentarily to scan it last night and it came out clean.  So it suffices to say that my external more than likely has it too.  Any suggestions on getting the files off there without them containing the rootkit?  My machine isn't very new and doesn't recognize USB ports as something to boot from so formatting it would involve infecting it right after it is formatted or infecting the pc that is formatting it if I user another pc.  Should I just scrap it and start over?

[micky77]

As well a sthe boot time scan suggested by Charley, before that I would run autorun eater, make sure you plug in all external drives (one at a time ).Autorun Eater will find and remove the autorun inf files, that allows this threat to spread from one drive to another.There is no point in cleaning your pc, if you reinfect it, after trying to open an external device

http://download.cnet.com/Autorun-Eater/3000-2239_4-10752777.html