Win32:Kavos Impossible to remove

[HeadOnAPike]

I have Windows 7.  I've tried everything said in all the threads related to this that I could find, but I still have 11 files of Kavos in System and Volume Information, a folder that does not appear in C:/  not even with show hidden files and folders.  On top of that, when I try to access it through the address bar (C:/System and Volume Information), it says access denied.  Even after I disabled system restore but it's still there.  I went into safe mode and ran malwarebyte and True Sword complete scans, the latter of which took 12 hours.  They found stuff, but even after that, those 11 files stay put.  What can I do?

[Lisandro]

You can disable/enable Windows System Restore to clean the old infected points.
Generate a new clean one.

Or, you should get rid of your old, possibly infected restore points after creating a clean point:

1. Click Start>All Programs>Accessories > System tools > System Restore
2. In the dialog box that appears  Click in the radio button to Create a Restore Point
3. Click NEXT
4. Enter a name you will remember if you need to find this again (like Clean Point)
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Click Start>All Programs>Accessories > System tools > Disk Clean Up
2. Click OK on the C: drive
3. Click the More Options tab
4. In the System Restore section click the Clean Up button

[HeadOnAPike]

oops, accidental post

[HeadOnAPike]

Sill there.

Why can't I access system volume information directly?

[Lisandro]

Why can't I access system volume information directly?

Windows block that folder. You need to change access rights.
But cleaning the restore points should delete them. If new ones are infected, your computer is infected.

[mkis]

http://forum.avast.com/index.php?topic=56060.msg473402#msg473402

uncheck hide protected operating system files which is two entries down from Show all files and folders on Folder Options

your restore points are entered as RP*, example in yr case RP3. RP4, RP5, RP6

whether deleting these files will solve problem if yr computer is infected is another thing

Then again, how is yr computer running? These restore points entries may simply be verbose - just extra words leftover, not doing anything. You may be clean of viruses.

Edit - please remember to recheck Hide protected operating system files in Folder Options

[HeadOnAPike]

So I got in the folder and the files left over are exe files.  Going into safe mode and loading the corresponding inf files, it points to a file called husyuh8.exe, of which I could find no info in google.  I could not load the inf files in regular mode.  In both modes, I couldn't delete a single file inside of system volume information, even the shortcut I accidently created.  It would ask me if I wanted to send the files to the recycling bin, I click yes and then nothing happens.  I set all the permissions, but something is blocking it.

Also, the folders with the viruses have no size info:


Running disk cleanup or turning off system restore does not delete those three folders.

[essexboy]

When you delete something in system restore you break the chain and that restore point is no longer available - have you deleted your restore points and created a new one ?

XP

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE
  

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

.
VISTA
To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
  
• Select System
  
• On the left select Advance System Settings and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
• Select Create
  

Now we can purge the infected ones

• Go back to the System and Maintenance page
  
• Select Performance Information and Tools
  
• On the left select Open Disk Cleanup
  
• Select Files from all users and accept the warning if you get one
  
• In the drop down box select your main drive i.e. C
• For a few moments the system will make some calculations
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
• Select Delete

You are now done

[HeadOnAPike]

Added edit to my post, it doesn't work.

[essexboy]

Aye just seen it

Have you ran MBAM in the thorough scan mode ?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

[HeadOnAPike]

From earlier, in safe mode:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 6.1.7600

2/22/2010 3:16:23 AM
mbam-log-2010-02-22 (03-16-23).txt

Scan type: Full Scan (C:\|D:\|E:\|S:\|)
Objects scanned: 214162
Time elapsed: 38 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[bong2x]

  opps restore point cannot be deleted need unblocker next day when windows automatic update run, your window not genuin anymore nevermind

[HeadOnAPike]

[essexboy]

Yes 

So MBAM did not find it in system restore 

Can you make a new restore point - i.e is system restore functioning

[HeadOnAPike]

Yup, can do that.