"Registry Editor has stopped working" /Trojan.Packed.NSAnti Kavo V

[vic]

My real question is: How can i remove the Kavo Trojan.Packed.NSAnti virus
from my Vista system? Norton Antivirus was unsuccessful. If you have a fix
for that, that's the best thing I'm looking for.

If you can't answer that, then my question is: How can I continue to run an
application despite a Windows Error message saying, "Registry Editor has
stopped working"?

My Mother's Vista computer downloaded the kavo trojan.packed.nsanti virus
and Norton Antivirus hasn't been able to remove it. i am trying to run a
kavo-specific removal program called Kavo Killer, but whenever i run it, i
get a windows error message saying, "Registry Editor has stopped working" and
it forces me to close the program. I just want to run this kavo-killer
antivirus. how cna i continue to run it even when the registry has stopped
workin? this occurs in both regular mode and safe mode.

the error window message in more details reads:

Registry Editor has stopped working.
Windows can check online for a solution to the problem.
-->Check online for a solution and close the program
-->Close the program
Program Details:
Problem Event Name: APPCRASH
Application Name: regedit.exe
and some other stuff that probably isn't relevant.

thank you in advance for any help you might be able to offer.

vic

 

[Mick Murphy]

Install Malwarebytea and Spybot Search & Destroy, and scan your Systam wit
them in Safe Mode, or Safe Mode with Networking(explanation below) to remove
your problems.

Install the above in Normal mode, then scan in Safe Mode.
If unable to install in normal mode do the lot in SM with Networking;
download, install, update, then scan.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
Programs to remove them.
If that happens, reboot into Safe Mode with Networking (from F8 list of
Startup Options), and install, update and scan from there

 

[Mick Murphy]

And tha above solution will solve the regedit problem; they are caused by the
same thing; Malware/Spyware

 

[Kayman]

My real question is: How can i remove the Kavo Trojan.Packed.NSAnti virus
from my Vista system?

It's a tricky one, you may have to try several AV removal applications!

Norton Antivirus was unsuccessful.

That's surprising

If you have a fix for that, that's the best thing I'm looking for.

<snip>

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

--and/optional--
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared Free or a-squared Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/

NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner and the free version of Malwarebytes© and SuperAntispyware have an
update feature; Keep the latter two (2) installed in addtion to your
resident AV/A-S applications and scan frequently.

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

After the software is updated, it is suggested scanning the system in Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM.
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Good luck

 

[Mick Murphy]

Wrong advice!
1. It is a trojan, not a virus

2. Had the same prob with regedit on a client's computer yesterday(albeit in
XP).

When Malwarebytes started removal process at end of scan, it notified that
regedit is disabled, and may it activate same.
When you OK it, everything returned to normal.

3. And just because something takes a long time to scan, does NOT mean it is
doing a good job.

Norton, trend, McA are bloated rubbish that try to be everything to
everybody, and fail dismally.
And their Anti-Spyware/Malware capabilities are barely miniminal.

 

[Mick Murphy]

If you can use a computer(which I doubt), the 1st two replies to the OP in
this thread are mine.
In them, I give the advice that the OP requires to fix his problems.

You must live in la-la land!

 

[Kayman]

This thing here may be as bad as the original problem you tried to use this on.
It creates folders and files all over your drive, boots on it's own, can't even
take ownership of the folders it creates.

Took a reformat to remove all traces of it.
And it didn't actually do anything when it did run.
IOW: Trouble enough removing virus, without getting into more trouble just
trying to remove the worthless virus scanners.

You may wish to bring this issue with Nick. He is very receptive to any
issues in relation to his software.