Virus/Malware Virus /Rootkits Thread, Work In Progress

Jass
post Sep 11 2008, 10:35 AM

Hi All,

My PC was infected by a virus, I guess. When I shut down, it prompts me with "rundll32.exe" not responding. When it starts up, it prompts "error loading c:\windows/system32/ccwld16_080326.dll" and "error loading c:\windows/system32/3fadll", saying that the specified module could not be found. My PC keeps popping up "error loading c\:windows/downlo~1/621sc.dll" when I'm using it.

Besides the above, when I surf the net, my IE freezes when I click on any link or when I type an address in the IE tab bar. For example: when I signed up for lowyat, I needed to confirm my registration by clicking a link from my email, but it froze and I had to use ctrl & alt to close it. Otherwise, it will freeze there loading. It causes a lot of inconvenience to me.

I've scanned using Spyeraser, but the free version only allows me to scan; no removal service is provided. Other software like Adaware, AVG and Avast can't help with my problem. Please refer to the below for the log file from the Spyeraser software:

Start Date:September 10, 2008 at 03:06:45PM

End Date:September 10, 2008 at 03:12:24PM

Total Time:5 Mins 39 Secs
Detected Infections

Cookie.Tracking-Cookie
Details: A Tracking Cookie is any cookie that is installed on a computer to save and access various activities of the user. It may be used by web sites to identify returning visitors who have registered for special services; to monitor, measure, and scrutinize visitors' navigation and use of web site features. It can also count the number of visitors to web sites and allow web surfers to use virtual "shopping carts". All this information is saved for future target advertising and marketing campaigns by various internet Advertising and Marketing companies. Though these cookies do not pose immediate threats but they can be misused to capture confidential information like user names and passwords.
Status:No Action taken
Category: Tracking Cookie



Infected Cookies
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[2].txt
C:\Documents and Settings\user\Cookies\user@xiti[1].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[4].txt

Cookie.DoubleClick
Details: A Tracking Cookie is any cookie that is installed on a computer to save and access various activities of the user. It may be used by web sites to identify returning visitors who have registered for special services; to monitor, measure, and scrutinize visitors' navigation and use of web site features. It can also count the number of visitors to web sites and allow web surfers to use virtual "shopping carts". All this information is saved for future target advertising and marketing campaigns by various internet Advertising and Marketing companies. Though these cookies do not pose immediate threats but they can be misused to capture confidential information like user names and passwords.
Status:No Action taken
Category: Tracking Cookie



Infected Cookies
C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt

Malware (General Components)
Details: Malware is a malicious program that is developed to seriously harm and damage the targeted system and may be installed on it without the knowledge or consent of the user. It can change system settings, corrupt the registry and destroy personal data. The Programs that cannot be classified in other categories or carry more than one traits which belong to different categories have been categorized under this categories.
Status:No Action taken
Category: Malware (General)



Infected files detected

FileName: c:\windows\system32\kavo1.dll
MD5: b60e1b788b0d248305dff1a7e4cc6048 (187392 Bytes)

FileName: c:\windows\system32\kavo.exe
MD5: 6651fcbbcb100f9b608e47a503588690 (117194 Bytes)

FileName: c:\windows\system32\kavo0.dll
MD5: b859812358da146372ff243edc8341a3 (187392 Bytes)
Infected registry keys/values detected
hkey_classes_root\appid\activex.dll\
hkey_classes_root\appid\activex.dll\appid\
hkey_classes_root\iehpr.invoke.1\
hkey_classes_root\iehpr.invoke\
hkey_local_machine\software\classes\iehpr.invoke.1\clsid\
hkey_local_machine\software\classes\iehpr.invoke.1\
hkey_local_machine\software\classes\iehpr.invoke\clsid\
hkey_local_machine\software\classes\iehpr.invoke\curver\
hkey_local_machine\software\classes\iehpr.invoke\


Details:
Status:No Action taken
Category:




RCS.TeamViewer
Details: A Remote Control Software is a network program that is used by administrators to control computers in a network from a remote location. Though not harmful in itself but if used with malicious intent, such programs may cause damage to system files and other data. Hence, users are advised to remove this program from their system immediately upon detection.
Status:No Action taken
Category: RemoteControlSoftware



Infected registry keys/values detected
hkey_current_user\appevents\schemes\apps\vncviewer\vncviewerbell\.current\
hkey_current_user\appevents\schemes\apps\vncviewer\vncviewerbell\.default\

RCS.TightVNC
Details: A Remote Control Software is a network program that is used by administrators to control computers in a network from a remote location. Though not harmful in itself but if used with malicious intent, such programs may cause damage to system files and other data. Hence, users are advised to remove this program from their system immediately upon detection.
Status:No Action taken
Category: RemoteControlSoftware



Infected registry keys/values detected

Adware.FlashEnhancer
Details: Adware programs secretly embed themselves on the victim's computer, hijack the browsing habits and search keywords and then display advertisements accordingly. The ads can include pop-ups, pop-unders, banners, or links etc. It may launch at system startup and modify the browser settings such as the home page, search page and the error page. It results in the browser as well as the system slow down and hence the user is recommended to remove this program.
Status:No Action taken
Category: Adware



Infected registry keys/values detected
hkey_current_user\software\xml\

RCS.UltraVNC
Details: A Remote Control Software is a network program that is used by administrators to control computers in a network from a remote location. Though not harmful in itself but if used with malicious intent, such programs may cause damage to system files and other data. Hence, users are advised to remove this program from their system immediately upon detection.
Status:No Action taken
Category: RemoteControlSoftware



Infected registry keys/values detected
hkey_current_user\appevents\eventlabels\vncviewerbell\
hkey_current_user\appevents\schemes\apps\vncviewer\vncviewerbell\
hkey_current_user\appevents\schemes\apps\vncviewer\
hkey_current_user\software\orl\winvnc3\
hkey_local_machine\software\orl\winvnc3\

RAT.WinVNC-based.h
Details: A remote administration tool is a program that enables a user to control a system remotely. It can access files, restart ?shutdown the system and even format the hard drive of the victim's machine. Such programs are basically used by administrators of a network to keep a watch on the peers. It generally works in the stealth mode and can start automatically at system boot-up. This program may pose grave security and privacy threats and hence the user is advised to remove this program from the system if not installed for a legitimate purpose.
Status:No Action taken
Category: Remote Administration Tool



Infected registry keys/values detected
hkey_current_user\software\orl\winvnc3\querysetting\
hkey_current_user\software\orl\winvnc3\querytimeout\

RAT (General Components)
Details: A remote administration tool is a program that enables a user to control a system remotely. It can access files, restart ?shutdown the system and even format the hard drive of the victim's machine. Such programs are basically used by administrators of a network to keep a watch on the peers. It generally works in the stealth mode and can start automatically at system boot-up. This program may pose grave security and privacy threats and hence the user is advised to remove this program from the system if not installed for a legitimate purpose.
Status:No Action taken
Category: Remote Administration Tool



Infected registry keys/values detected
hkey_current_user\software\orl\vnchooks\

RCS.RealVNC
Details: A Remote Control Software is a network program that is used by administrators to control computers in a network from a remote location. Though not harmful in itself but if used with malicious intent, such programs may cause damage to system files and other data. Hence, users are advised to remove this program from their system immediately upon detection.
Status:No Action taken
Category: RemoteControlSoftware



Infected registry keys/values detected
hkey_local_machine\software\orl\

Malware.Malware-(General-Components)
Details: Malware is a malicious program that is developed to seriously harm and damage the targeted system and may be installed on it without the knowledge or consent of the user. It can change system settings, corrupt the registry and destroy personal data. The Programs that cannot be classified in other categories or carry more than one traits which belong to different categories have been categorized under this categories.
Status:No Action taken
Category: Malware (General)



Infected files detected

FileName: c:\windows\6.tmp
MD5: d41d8cd98f00b204e9800998ecf8427e (0 Bytes)

Trojan-Downloader (General Components)
Details: A Trojan Downloader is a program that is usually installed through an exploit or some other erroneous channels. The key objective of this program is to download malevolent code or other malwares and unwanted softwares on the user's system. Downloaders can also be written in script languages such as VB Script and Java Script. These programs often make use of Microsoft Internet Explorer vulnerabilities. A Trojan downloader, when executed, normally installs itself on to the system and waits for the user to connect to the Internet. Once the internet connection is available, it endeavors to connect to a web or ftp site, download specific file or files and run them. These downloaded files may harm the system and result in malfunctioning of the system.
Status:No Action taken
Category: Trojan-Downloader



Infected files detected

FileName: c:\windows\2.tmp
MD5: 4316e55df1b80f5bd5f143bfffd271ef (24576 Bytes)

Trojan-Downloader.Adload.ko
Details: A Trojan Downloader is a program that is usually installed through an exploit or some other erroneous channels. The key objective of this program is to download malevolent code or other malwares and unwanted softwares on the user's system. Downloaders can also be written in script languages such as VB Script and Java Script. These programs often make use of Microsoft Internet Explorer vulnerabilities. A Trojan downloader, when executed, normally installs itself on to the system and waits for the user to connect to the Internet. Once the internet connection is available, it endeavors to connect to a web or ftp site, download specific file or files and run them. These downloaded files may harm the system and result in malfunctioning of the system.
Status:No Action taken
Category: Trojan-Downloader



Infected files detected

FileName: c:\documents and settings\user\local settings\temp\cml23.tmp
MD5: 58f95f1d32ffdfb817600d73a259ce8c (450560 Bytes)

FileName: c:\documents and settings\user\local settings\temp\cml3a.tmp
MD5: ce3a554190f6f1b89ef686a654855dac (860160 Bytes)

Adware.bho.jw
Details: Adware programs secretly embed themselves on the victim's computer, hijack the browsing habits and search keywords and then display advertisements accordingly. The ads can include pop-ups, pop-unders, banners, or links etc. It may launch at system startup and modify the browser settings such as the home page, search page and the error page. It results in the browser as well as the system slow down and hence the user is recommended to remove this program.
Status:No Action taken
Category: Adware



Infected files detected

FileName: c:\documents and settings\user\local settings\temp\cml25.tmp
MD5: 604f615bf7963c2f7015db84236b646c (450560 Bytes)




--------------------------------------------------------------------------------

Start Date:September 11, 2008 at 10:23:46AM

End Date:September 11, 2008 at 10:27:52AM

Total Time:4 Mins 6 Secs
Detected Infections

Cookie.Tracking-Cookie
Details: A Tracking Cookie is any cookie that is installed on a computer to save and access various activities of the user. It may be used by web sites to identify returning visitors who have registered for special services; to monitor, measure, and scrutinize visitors' navigation and use of web site features. It can also count the number of visitors to web sites and allow web surfers to use virtual "shopping carts". All this information is saved for future target advertising and marketing campaigns by various internet Advertising and Marketing companies. Though these cookies do not pose immediate threats but they can be misused to capture confidential information like user names and passwords.
Status:No Action taken
Category: Tracking Cookie



Infected Cookies
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[2].txt
C:\Documents and Settings\user\Cookies\user@xiti[1].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[4].txt
C:\Documents and Settings\user\Cookies\user@apmebf[1].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[5].txt

Cookie.FastClick.com
Details: A Tracking Cookie is any cookie that is installed on a computer to save and access various activities of the user. It may be used by web sites to identify returning visitors who have registered for special services; to monitor, measure, and scrutinize visitors' navigation and use of web site features. It can also count the number of visitors to web sites and allow web surfers to use virtual "shopping carts". All this information is saved for future target advertising and marketing campaigns by various internet Advertising and Marketing companies. Though these cookies do not pose immediate threats but they can be misused to capture confidential information like user names and passwords.
Status:No Action taken
Category: Tracking Cookie



Infected Cookies
C:\Documents and Settings\user\Cookies\user@fastclick[2].txt

Cookie.BS.Serving-Sys
Details: A Tracking Cookie is any cookie that is installed on a computer to save and access various activities of the user. It may be used by web sites to identify returning visitors who have registered for special services; to monitor, measure, and scrutinize visitors' navigation and use of web site features. It can also count the number of visitors to web sites and allow web surfers to use virtual "shopping carts". All this information is saved for future target advertising and marketing campaigns by various internet Advertising and Marketing companies. Though these cookies do not pose immediate threats but they can be misused to capture confidential information like user names and passwords.
Status:No Action taken
Category: Tracking Cookie



Infected Cookies
C:\Documents and Settings\user\Cookies\user@bs.serving-sys[2].txt

RCS.TeamViewer
Details: A Remote Control Software is a network program that is used by administrators to control computers in a network from a remote location. Though not harmful in itself but if used with malicious intent, such programs may cause damage to system files and other data. Hence, users are advised to remove this program from their system immediately upon detection.
Status:No Action taken
Category: RemoteControlSoftware



Infected registry keys/values detected
hkey_current_user\appevents\schemes\apps\vncviewer\vncviewerbell\.current\
hkey_current_user\appevents\schemes\apps\vncviewer\vncviewerbell\.default\

RCS.TightVNC
Details: A Remote Control Software is a network program that is used by administrators to control computers in a network from a remote location. Though not harmful in itself but if used with malicious intent, such programs may cause damage to system files and other data. Hence, users are advised to remove this program from their system immediately upon detection.
Status:No Action taken
Category: RemoteControlSoftware



Infected registry keys/values detected

Adware.FlashEnhancer
Details: Adware programs secretly embed themselves on the victim's computer, hijack the browsing habits and search keywords and then display advertisements accordingly. The ads can include pop-ups, pop-unders, banners, or links etc. It may launch at system startup and modify the browser settings such as the home page, search page and the error page. It results in the browser as well as the system slow down and hence the user is recommended to remove this program.
Status:No Action taken
Category: Adware



Infected registry keys/values detected
hkey_current_user\software\xml\

RCS.UltraVNC
Details: A Remote Control Software is a network program that is used by administrators to control computers in a network from a remote location. Though not harmful in itself but if used with malicious intent, such programs may cause damage to system files and other data. Hence, users are advised to remove this program from their system immediately upon detection.
Status:No Action taken
Category: RemoteControlSoftware



Infected registry keys/values detected
hkey_current_user\appevents\eventlabels\vncviewerbell\
hkey_current_user\appevents\schemes\apps\vncviewer\vncviewerbell\
hkey_current_user\appevents\schemes\apps\vncviewer\
hkey_current_user\software\orl\winvnc3\
hkey_local_machine\software\orl\winvnc3\

RAT.WinVNC-based.h
Details: A remote administration tool is a program that enables a user to control a system remotely. It can access files, restart ?shutdown the system and even format the hard drive of the victim's machine. Such programs are basically used by administrators of a network to keep a watch on the peers. It generally works in the stealth mode and can start automatically at system boot-up. This program may pose grave security and privacy threats and hence the user is advised to remove this program from the system if not installed for a legitimate purpose.
Status:No Action taken
Category: Remote Administration Tool



Infected registry keys/values detected
hkey_current_user\software\orl\winvnc3\querysetting\
hkey_current_user\software\orl\winvnc3\querytimeout\

RAT (General Components)
Details: A remote administration tool is a program that enables a user to control a system remotely. It can access files, restart ?shutdown the system and even format the hard drive of the victim's machine. Such programs are basically used by administrators of a network to keep a watch on the peers. It generally works in the stealth mode and can start automatically at system boot-up. This program may pose grave security and privacy threats and hence the user is advised to remove this program from the system if not installed for a legitimate purpose.
Status:No Action taken
Category: Remote Administration Tool



Infected registry keys/values detected
hkey_current_user\software\orl\vnchooks\

Malware (General Components)
Details: Malware is a malicious program that is developed to seriously harm and damage the targeted system and may be installed on it without the knowledge or consent of the user. It can change system settings, corrupt the registry and destroy personal data. The Programs that cannot be classified in other categories or carry more than one traits which belong to different categories have been categorized under this categories.
Status:No Action taken
Category: Malware (General)



Infected files detected

FileName: c:\windows\system32\kavo.exe
MD5: 6651fcbbcb100f9b608e47a503588690 (117194 Bytes)

FileName: c:\windows\system32\kavo0.dll
MD5: b859812358da146372ff243edc8341a3 (187392 Bytes)

FileName: c:\windows\system32\kavo1.dll
MD5: b60e1b788b0d248305dff1a7e4cc6048 (187392 Bytes)
Infected registry keys/values detected
hkey_classes_root\appid\activex.dll\
hkey_classes_root\appid\activex.dll\appid\

RCS.RealVNC
Details: A Remote Control Software is a network program that is used by administrators to control computers in a network from a remote location. Though not harmful in itself but if used with malicious intent, such programs may cause damage to system files and other data. Hence, users are advised to remove this program from their system immediately upon detection.
Status:No Action taken
Category: RemoteControlSoftware



Infected registry keys/values detected
hkey_local_machine\software\orl\

Malware.Malware-(General-Components)
Details: Malware is a malicious program that is developed to seriously harm and damage the targeted system and may be installed on it without the knowledge or consent of the user. It can change system settings, corrupt the registry and destroy personal data. The Programs that cannot be classified in other categories or carry more than one traits which belong to different categories have been categorized under this categories.
Status:No Action taken
Category: Malware (General)



Infected files detected

FileName: c:\windows\6.tmp
MD5: d41d8cd98f00b204e9800998ecf8427e (0 Bytes)

Trojan-Downloader (General Components)
Details: A Trojan Downloader is a program that is usually installed through an exploit or some other erroneous channels. The key objective of this program is to download malevolent code or other malwares and unwanted softwares on the user's system. Downloaders can also be written in script languages such as VB Script and Java Script. These programs often make use of Microsoft Internet Explorer vulnerabilities. A Trojan downloader, when executed, normally installs itself on to the system and waits for the user to connect to the Internet. Once the internet connection is available, it endeavors to connect to a web or ftp site, download specific file or files and run them. These downloaded files may harm the system and result in malfunctioning of the system.
Status:No Action taken
Category: Trojan-Downloader



Infected files detected

FileName: c:\windows\2.tmp
MD5: 4316e55df1b80f5bd5f143bfffd271ef (24576 Bytes)

Trojan-Downloader.Adload.ko
Details: A Trojan Downloader is a program that is usually installed through an exploit or some other erroneous channels. The key objective of this program is to download malevolent code or other malwares and unwanted softwares on the user's system. Downloaders can also be written in script languages such as VB Script and Java Script. These programs often make use of Microsoft Internet Explorer vulnerabilities. A Trojan downloader, when executed, normally installs itself on to the system and waits for the user to connect to the Internet. Once the internet connection is available, it endeavors to connect to a web or ftp site, download specific file or files and run them. These downloaded files may harm the system and result in malfunctioning of the system.
Status:No Action taken
Category: Trojan-Downloader



Infected files detected

FileName: c:\documents and settings\user\local settings\temp\cml23.tmp
MD5: 58f95f1d32ffdfb817600d73a259ce8c (450560 Bytes)

FileName: c:\documents and settings\user\local settings\temp\cml3a.tmp
MD5: ce3a554190f6f1b89ef686a654855dac (860160 Bytes)

Adware.bho.jw
Details: Adware programs secretly embed themselves on the victim's computer, hijack the browsing habits and search keywords and then display advertisements accordingly. The ads can include pop-ups, pop-unders, banners, or links etc. It may launch at system startup and modify the browser settings such as the home page, search page and the error page. It results in the browser as well as the system slow down and hence the user is recommended to remove this program.
Status:No Action taken
Category: Adware



Infected files detected

FileName: c:\documents and settings\user\local settings\temp\cml25.tmp
MD5: 604f615bf7963c2f7015db84236b646c (450560 Bytes)

Can anyone suggest what I should do to delete the virus DIY? FYI, this is a company PC and we will be issued a warning letter if our PC is found to be infected by a virus.

Your assistance on the above is highly appreciated.

Thank you.






Jass
post Sep 11 2008, 11:00 AM

QUOTE(HanevE @ Dec 22 2007, 08:34 AM)
Since many AVs can't detect KAVO / NTDELECT, I've shown how to remove it manually

~~~~~~~~~~~~~
Remove kavo / kava / ntdelect

**DELETE**

run CMD,

Type this to show hidden and system files, since your regedit and folder options have been messed up by kavo0.dll:
CD \windows\system32
ATTRIB kavo.exe -R -A -S -H
ATTRIB kavo0.dll -R -A -S -H
ATTRIB kavo1.dll -R -A -S -H

Delete
"\windows\system32\kavo.exe", 
"\windows\system32\kavo0.dll", 
"\windows\system32\kavo1.dll"
by using unlocker (DL Here)

**REGISTRY**

Change Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
"CheckedValue" to 2
"DefaultValue" to 2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
"CheckedValue" to 1
"DefaultValue" to 2
*
Hi,
I failed to perform the above. When I typed in attrib kavo.exe -r -a -s -h after running CMD as instructed, it said file not found - kavo.exe. I've scanned my PC using Spyeraser, and it listed the infected files as:
c:\windows\system32\kavo1.dll
c:\windows\system32\kavo.exe
c:\windows\system32\kavo0.dll

Please refer to the attached for log file.

Now, my PC has a problem clicking links on websites. It freezes when I click on a link. I have to use ctrl & alt to close IE, otherwise my PC will hang.


Attached File(s)
Attached File  log_file.htm ( 36.63k ) Number of downloads: 46

 
