Name of the threat :
kxvo.exe
Location :
The file is located in C/Windows/System32 folder
Modus Operandi :
kxvo.exe file changes the registry value for showing hidden files to 0 instead of the default 1
Solution :
- Boot into Windows in safe mode by pressing F8 button at startup
- Open command prompt ( I assume u know how to do it and other similar stuff )
- Navigate to the folder containing the virus/malware , which in our case is C/Windows/System32
- Type the following command to see if the malware exists there or not
dir /a:h kxvo*
/a here implies an attribute and h implies the atrribute property which is hidden in this case, for more info type help dir - If it lists the kxvo.exe file there then proceed to the next step
- Type the following command to delete the file
dir /a:h /f kxvo*
/a:h has already been explained earlier , the /f options forces the execution of the command - Once you are done deleting the file , open the windows run tool and enter regedit in order to open registry editor
- Once the Registry editor window pops up follow the following path
HKEY_LOCAL_MACHINE
SOFTWARE
Microsoft
Windows
Current Version
Explorer
Advanced
Folder
Hidden
SHOWALL - On selecting SHOWALL you should be able to see the name CheckedValue on the right , right click on it and chage its value to 1 ( kxvo.exe changes this value to 0 hence snatching away the ability to view hidden folders from you )
- reboot
I would suggets you better install some anti-spyware software in order to prevent them from entering your system. I had "Spybot - Search and Destroy" and "Windows Defender" when the kxvo.exe malware infected my stsem.Although both the anti-spywares were able to detect the changes made by kxvo to the registry they were not able to remove it."Spyware Terminator" did claim that it removed the kxvo.exe from my system after it had shown its ugly face again on my system.Having an enterprise version of Symantec Endpoint didn't help my cause either.
