• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Trojan.Kotver!lnk removal

I just got this popup from Norton and it said could not remove this file. I was informed to download Norton Power Eraser which found something associated with Logitech browser plug in but no mention of the Trojan above. what do I do next?

Replies

Kudos0

Re: Trojan.Kotver!lnk removal

> run LiveUpdates several times until no updates found > re-start not under the influence of Fast Startup > Full Scan.  No joy.

Visit one of the free Malware Removal Forums recommended by the Community
http://www.bleepingcomputer.com/Am-I-infected-What-do-I-do/
http://forums.whatthetech.com/MalwareRemovalForum
http://www.geekstogo.com/Security/MalwareRemoval
http://www.cybertechhelp.com/MalwareRemovalForum

Trained experts at free Malware Removal Forums do their best to repair your system. Resist self fixes and using your computer as normal until your system is declared clean.  Register n' start a Thread at one Malware Removal Forum.  -------------------------------------------------------------------------
What is Norton Virus Protection Promise

Kudos0

Re: Trojan.Kotver!lnk removal

I am having this same problem. It seems that this is a brand new virus. It is being blocked by Norton (it says it is, anyway), but the message keeps popping up in the right lower corner that it is being blocked. So, it seems like it continues to try to do something, even though the offending file is shown as quarantined. The file is: ... AppData\Local\d15e1\ebf25.lnk

Each time I do a restart or especially a cold book, it warns me about a virus and I have to go thru the full cycle of trying Power Eraser, it gets quarantined yet again, etc

So, my question is - can we expect a real fix for this (where the file will be removed and messages will stop coming up)?

Kudos0

Re: Trojan.Kotver!lnk removal

have you read > Norton Power Eraser did not remove this risk @ https://www.symantec.com/security_response/writeup.jsp


Norton Power Eraser analysis is aggressive, it sometimes flags the critical files that you might need. NPE can produce more false positives than virus and spyware scans.  NPE detections do not appear in Quarantine.  NPE does not automatically remediate detections.  NPE does not scan every file on the computer.


Visit one of the free Malware Removal Forums recommended by the Community. Or,
What is Norton Virus Protection Promise

Kudos0

Re: Trojan.Kotver!lnk removal

Yes, I did read the writeup about Norton Bootable Recovery Tool. I guess I was hoping that a fix for regular Norton would be coming so I wouldn't have to resort to this tool. As far as the Power Eraser, false positioves, etc. I'm sure I didn't state the exact sequence of events because it can get pretty confusing.

The regular Norton auto-protection has been displaying repeated warnings after a cold boot that there is a serious threat that requires manual removal, then gives several options. The recommended option was to run the Power Eraser, I believe. But that failed, so I tried several of the other options given on the regular Manual removal tool screen. I think one of those other options quarantined the offending file. Perhaps somewhere else it got done. Whatever, Norton shows that my system is secure, but then it repeatedly puts out these "Blocked" messages, so I don't really think it is.

I will do the Bootable Recovery Tool. Thanks.

Kudos0

Re: Trojan.Kotver!lnk removal

I will do the Bootable Recovery Tool.

Were my machine with Norton flag Trojan.Kotver!lnk.  I'd register and start thread at free Malware Removal Forum e.g.,http://www.bleepingcomputer.com/welcome-guide/

Kudos0

Re: Trojan.Kotver!lnk removal

I will try that and also posted at cybertechhelp forums.

Thanks and I will post any results given.

Kudos0

Re: Trojan.Kotver!lnk removal

brianarnett1: and also posted at cybertechhelp forums [..] and I will post any results given.

 Thanks, expecting to hear your system is sorted.    Good luck. 

Kudos0

Re: Trojan.Kotver!lnk removal

I will try that and also posted at cybertechhelp forums.

Just to be clear. You only posted to one of the Malware Removal web sites? If you work with more than one expert it can mess things up as each does not know what the other is suggesting. Then each is chasing a moving target.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Trojan.Kotver!lnk removal

peterweb,
I read "and also" as referring to "I will do the Bootable Recovery Tool" Permalink ..."and also cybertechhelp forums".
Thanks

Kudos1 Stats

Re: Trojan.Kotver!lnk removal

I downloaded Ad Aware free version from lava soft and it cleaned it off of my computer. It did manage to damage internet explorer, luckily I had a version on my laptop. I deleted the version on my desktop and pasted the laptops clean version in the programs86 folder.

Kudos0

Re: Trojan.Kotver!lnk removal

So, we have brianarnett1 and rah1861 and Bryan8707 with Trojan.Kotver!lnk

Kudos0

Re: Trojan.Kotver!lnk removal

I am only just now getting back to this thread because I've been reactivating my older laptop computer (doing the latest Windows updates, Norton, etc) because I've been a little afraid to use my infected computer for anything.

Concerning the Ad Ware free version, that sounds interesting for sure, but I looked at it and it looks like an anti-virus program (like Norton). I have always thought that you could only run ONE of this type of program at the same time - i.e. either Norton OR AdAware.

So, are you saying you disabled Norton, installed and activated AdAware, then got it to do the removal? Or is there some small tool in AdAware that you used without activating its full anti-virus ability? I have been thinking that a removal tool was what was needed, not yet another anti-virus program. This sounds very interesting, but I would like to be sure to do it correctly. Thanks.

Kudos0

Re: Trojan.Kotver!lnk removal

The best way to do it correctly is to allow a malware removal expert from one of the suggested sites to work on your system. They work with you one on one, because each infection is different from another. Using a fix for one user may disable your system.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Trojan.Kotver!lnk removal

My wife's laptop has the same problem. I am not sure how she got the virus. I checked my laptop and it does not have it. Norton keeps alerting her about the Trojan.Kotver!lnk virus and says that it is being blocked, but the alert keeps reappearing.. The virus is located in the folder at C:\Users\........\AppData\Local\07aff547\

I have tried running Norton Power Eraser but it does not detect it and does not remove it. Whenever I try to delete the folder or any of the files inside they are just recreated. There are 3 files in the folder (see Google drive link below for screen shot). One is a .lnk shortcut file that appears for a second, then disappears, then reappears continuously. I am not sure what type the second file is. The third is a batch file that has the following command.

start "" "C:\Users\........\AppData\Local\07aff547\db048d73.3e6179cac"

If I try to edit the batch file and save it, it just restores the command. And if I try to rename any of the files, it just creates new ones. Hopefully Norton or someone else will find a solution. I don't like to install a bunch of different Malware programs and running them because of the potential harm they may cause to other files/programs.

Screen Shot: https://drive.google.com/file/d/0B6inWKDRjsKUanFNZ3hHcWZEaU0/view?usp=sharing

Kudos0

Re: Trojan.Kotver!lnk removal

As aware advised that I had another anti virus on my system, It then said it would install in compatibility mode. I would never have uninstalled Norton when it was blocking that virus 3 times a minute. All I can tell you is that it worked on my system. Just FYI, I had just removed windows 10 from my computer and set it back to Windows 7, I got a pop-up saying my Adobe flash player needed to be updated, I clicked to allow this and when the black box with green text popped up showing the download I knew what happened but it was to late.

Kudos0

Re: Trojan.Kotver!lnk removal

I am almost positive that the trojan got onto my computer with this sequence:

I did a Google search, got some results (photography equipment), and clicked on one. Immediately, a full new tab came up in Firefox which said there was a "patch" update to Firefox and did I want to download it. Like a jerk, I said OK (I thought it looked somewhat odd). I picked Save on the download and after the file downloaded (a .js file), I ran it (another stupid thing!). Next thing I know, the computer did a restart, and once it came back up, Norton immediately started warning me about the trojan/virus. The .js file I downloaded was no longer there.

I haven't had time to do anything about removing it yet (using my old laptop and treating my infected computer as a paperweight right now). I am not surprised that you cannot delete or rename those files, Woodie - if it were that easy, it wouldn't be much of a virus! (your screen and files are very similar to mine).

Kudos0

Re: Trojan.Kotver!lnk removal

I got the Trojan.Kotver virus on my computer last night and it was my fault.  I'm pretty new at using Firefox and one of the "normal" update notices popped up to update Firefox to the most resent version.  The entire screen turned to the Firefox logo and I proceeded to download the small file.  I clicked the file to install and then it dawned on me that something might be off about the downloaded file.  I quickly checked the website it downloaded from and it was not a normal name.  I stopped the install...it was too late though...my computer automatically restarted and the virus was installed.

I too (like rah1861) had the endless Norton quarantine and reboot only to have it find the virus again.  I ran Erase and the Norton Bootable disk but that didn't help.  I ran Malwarebytes Anti-Malware (free version) and it found several Trojan files, etc.  Now it's gone.

Kudos1 Stats

Re: Trojan.Kotver!lnk removal

It sure is odd that Ad Aware and Malwarebytes Anti-Malware ( both free ) can remove this virus while Norton that I pay something like $40.00 a year does nothing.
Kudos0

Re: Trojan.Kotver!lnk removal

This is exactly how my laptop is. Location of this virus is C:\users\    \AppData\Local\e5277fb\Ofcb151.Ink

How did this virus slip through Norton. This also disabled my Defender program.

Kudos0

Re: Trojan.Kotver!lnk removal

My Norton tells me that this virus/Malware is less then a week old, most likely why it slipped through Norton.
Kudos0

Re: Trojan.Kotver!lnk removal

Mister Bill:  How did this virus slip through Norton. This also disabled my Defender program.

Windows Defender is (should be) disabled when you install Norton.


Trojan.Kotver!lnk is a heuristic detection used to detect threats associated with the Trojan.Kotver family of threats.   The concern with heuristic detection is that it increases false positives.  Files that are detected as Trojan.Kotver!lnk are considered malicious. If you have reason to believe that your files are incorrectly detected by Symantec products, you can submit them to Symantec Security Response for further analysis.

Kudos0

Re: Trojan.Kotver!lnk removal

Even if it is just a week old why are these other software's removing it and Norton doesn't?
Kudos0

Re: Trojan.Kotver!lnk removal

When I installed Ad Aware it said I had to go to my email to get the product key to finish the install, somehow the virus screwed up my Internet Explorer and when I would click the Icon it would flash then go out. I got the key from my email off of my phone and entered it. I had to restart my PC and the virus was gone. I did have to delete the Internet Explorer folder out of my Program (x86) folder. I then copied Internet explorer off of my laptop and pasted it in the desktop program (x86) folder, Internet explorer worked fine then. From now on If I get a update thing I am closing it and going to the actual site to see if there is a real update.

Kudos0

Re: Trojan.Kotver!lnk removal

I did submit it to Symantec two days ago and I figured that Norton disabled Defender which I have never used. I really do not know how the Anti Virus Company's can keep up with the jerks that write or create these malware/virus's.
Kudos0

Re: Trojan.Kotver!lnk removal

Bryan8707, After Ad Aware damaged Internet Explorer did your computer run correctly. Did you completely remove IE from your system and if you did, what Version of windows were you using at the time?
Kudos0

Re: Trojan.Kotver!lnk removal

Bryan8707 After Ad Aware damaged Internet Explorer, did your system run normally, and if it did, what operating system were you running?
Kudos0

Re: Trojan.Kotver!lnk removal

Ad Aware didn't damage Internet explorer the virus damaged it. I had been running windows 10 for several months and had changed it back to windows 7 a few days before I got the virus.
Kudos0

Re: Trojan.Kotver!lnk removal

Hi Everyone,

Thanks for reporting this issue. Could you please submit the files which are getting detected as "Trojan.Kotver!lnk" for further analysis to Submit File location and share the file submission tracking numbers with us. Also, please let us know the Norton product name and version number installed. 

Please see Norton Support article with steps How to Submit a file to Symantec Security Response for analysis. Thanks. 

Sunil_GA | Norton Forums Administrator | Symantec Corporation
Kudos0

Re: Trojan.Kotver!lnk removal

I have been trying to submit the file but it cannot be done - the file keeps disappearing from the Choose File dialog (the Windows Explorer-type dialog you use to pick the file). There are 2 other files in the directory, and only one can be chosen and have it used for submission. The other files either disappear quickly from the display, or even if you get a change to click on one, when you click the button to chose it, you get an error saying file not found.

I CAN chose the invected e6f25.lnk file in Total Commander, but cannot do much with it - for example, I cannot copy it anywhere, it says it cannot be read. This is a resistant virus (no surprise!). If you can come up with a mechanism to submit the file, I'll be happy to.

Kudos0

Re: Trojan.Kotver!lnk removal

@rah1861, Thanks for trying with file submission. Please follow below steps to download and run the Trojan.Kotver Fix tool.

Important Note: Selecting "Run as administrator" will result in an incomplete repair. You must be logged in to the Administrator account and all other users must be logged out in order for the tool to work correctly.

Please refer the Support article for more information: How to download and run the tool Trojan.Kotver Removal Tool

  1. Download FixToolKotver64.exe(Download Fix tool from Trojan.Kotver Removal Tool) for 64-bit computers and FixToolKotver32.exe(Download Fix tool from Trojan.Kotver Removal Tool) for 32-bit computers.
  2. Save the file to a convenient location, such as your Windows desktop.
  3. If you are sure that you are downloading this tool from the Security Response website, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the Digital Signature section before proceeding with step 4.
  4. Close all the running programs.
  5. If you are running Windows XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation.
  6. Important: Rename the tool to [RANDOM NAME].exe to ensure that Trojan.Kotver does not kill the process. 
  7. Double-click the FixToolKotver64.exe or the FixToolKotver32.exe file to start the removal tool.
  8. Click I Accept to accept the EULA, then click Start to begin the process and allow the tool to run. 
Sunil_GA | Norton Forums Administrator | Symantec Corporation
Kudos0

Re: Trojan.Kotver!lnk removal

Wanted to give an update. I tried the Norton removal tool mentioned by the Norton Admin above and it did not work. I followed all the steps, downloaded the correct file type (64 bit), was logged in as Administrator, renamed the file to stop.exe, closed all other running programs, then ran the stop.exe removal tool, clicked I accept. The tool ran and said it did not find the virus. 

Rebooted the laptop just to be sure, ran the tool again, same result.

The standard Norton tool still detects the virus (see Google Drive link to screen shot) but the removal tool provided above does not find it. It appears the Norton removal tool was created in September of 2015 so this new virus was probably created to avoid detection by the tool. Thanks for the effort. Hope you can find a solution.

BTW: Laptop is running Windows 10 64 bit with the latest Norton Security Suite provided through Comcast version 22.7.1.32

Also, it definitely appears the virus is being installed through a fake Firefox update alert. My wife uses Firefox (I use Chrome) and she did recall getting an alert to update Firefox a few days ago which she did and now her laptop has the virus, mine does not. While she was using it today, she got another pop-up in Firefox saying there was an urgent update needed but when we checked, she was running the latest Firefox version 49.0.1. So Mozilla should be alerted as well since it looks like it is being spread through Firefox.

https://drive.google.com/file/d/0B6inWKDRjsKUVWFXUzJvUVFpalE/view?usp=sharing

Kudos0

Re: Trojan.Kotver!lnk removal

It's a lot easier to just use the fix I used.
Kudos0

Re: Trojan.Kotver!lnk removal

Thanks for the feedback, Woodie. I think I'll wait till we get some response from the Admin (although maybe he's waiting for me to try it). I cannot try it till later (I am away from home now).

I agree that Mozilla needs to know about this. Actually, as I understand things, the anti-virus community keeps each other pretty well informed (i.e. the different companies share info about any new viruses). Of course, Mozilla isn't an anti-virus company...

Kudos0

Re: Trojan.Kotver!lnk removal

My husband and I both got it on our laptops...also from that same faux Firefox update. His consistently shows up on Norton full system scans and nothing seems to remove it. Mine will show up on scans and then disappear for a few hours (i.e. making you think it's gone) just to reappear a bit later. I tried the removal tool noted above when it was showing up in my system scans and it would give me a message that it didn't detect any trojan.kotver's. 

Kudos0

Re: Trojan.Kotver!lnk removal

Is anyone ready to try the free malware sites already suggested above? They have malware removal experts and have experience with this malware.



http://www.bleepingcomputer.com/
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/
http://qmalwareremoval.freeforums.net/

Things happen. Export/Backup your Norton Password Manager data.
Kudos1 Stats

Re: Trojan.Kotver!lnk removal

This worked and it installed in compatibility mode with Norton. www . lavasoft . com/

Kudos0

Re: Trojan.Kotver!lnk removal

LOL, Now if I could figure out how to stop the notifications from this thread.

Kudos0

Re: Trojan.Kotver!lnk removal

Bryan8707:

LOL, Now if I could figure out how to stop the notifications from this thread.

 Go to the top of this thread and in the first post, look for a link to Unsubscribe below the post.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Trojan.Kotver!lnk removal

I tried the Norton fix it and it said Trojan.Kotver not found on your system. Either it was removed by my Malwarebytes, Superantispyware or Norton already or the fix it is not working. I did try ESET, JRT, and ADW as suggested on bleepingcomputer and they could not fin it either, although other minor files were found like Comcast toolbar which seems to be flagged by many. Thanks to everybody for their help.

Kudos0

Re: Trojan.Kotver!lnk removal

Rah 1861 I found my file and submitted it last night, but have not heard from Norton yet. I found my file by opening Internet Explorer Win 10, or the old documents page Win7. Go to the top of the screen and click on the View tab, the go across blue ribbon bar until you see Hidden items. If this is not checked, check it,  then follow this path: Local Disk (C:)>Users>Your screen name>AppData and you should see the virus's name. My AppData had two files OFcb151, which I think is a shortcut, and ac345cd which is the virus. When submitting your file to Norton click on the Browse button and follow this path to this file and highlight and click open, this should add the virus to the file and finish completing the info for Norton and hit submit.

Kudos0

Re: Trojan.Kotver!lnk removal

Hi, 

If you have submitted to Symantec Security Response for analysis, could you share the tracking number with me via a Private Message (the envelope symbol on the top-right corner of the page)? If you haven't submitted already, please follow the instructions on How to Submit a file to Symantec Security Response for analysis, and provide the tracking number. Thank you for reporting this issue to us. 

-Gayathri

Gayathri R | Norton Forums Global Community Administrator | Symantec Corporation
Kudos0

Re: Trojan.Kotver!lnk removal

I tried the one from bleepingcomputer.com, printed the 14 step process, without any success. If anyone is trying to locate the virus in their computer, remember that this virus will most likely be in a hidden file on that computer. I looked for the one in mine for a day and remembered that Microsoft hides some of the most important files to protect owners from accidentally deleting them. To look at the hidden files simply Google 'viewing hidden files' and be sure that you are following the instructions for your particular operating system, and be careful not to click on any of the files.
Kudos0

Re: Trojan.Kotver!lnk removal

Mister Bill: I tried the one from bleepingcomputer.com, printed the 14 step process, without any success.

DIY was not recommended.  
https://community.norton.com/en/comment/7198911

Kudos0

Re: Trojan.Kotver!lnk removal

Were you able to remove the virus? I have spent all day trying to get this sucker off. It behaves like a replicator. My full-system scan isolated and removed all of the replicated files but the original one is still on my computer. It's awful. I learned that it came in through a faux Mozilla update. What did you do?

Kudos0

Re: Trojan.Kotver!lnk removal

For me I already have show hidden files and folders checked in windows 10 so I assume all the scanners would have checked there. So far Norton has not popped up again with the flag.

Kudos0

Re: Trojan.Kotver!lnk removal

Hi @Woodie43,

Thanks for trying the Fix tool. Could you please upload the file which is being detected as threat? You can find the location of the file from the Norton alert message. Please make sure Show hidden files option is enabled. Once file is submitted, please share the submission tracking number with us. 

Sunil_GA | Norton Forums Administrator | Symantec Corporation
Kudos0

Re: Trojan.Kotver!lnk removal

Hi @Chickie95,

Sorry for the trouble caused. Could you please submit the files to  How to Submit a file to Symantec Security Response for analysis, and provide the tracking number? Please let us know if you need any help with file submission process. 

Sunil_GA | Norton Forums Administrator | Symantec Corporation
Kudos0

Re: Trojan.Kotver!lnk removal

Mr. Bill, thanks for the response, but I have all the settings that you mentioned (show hidden files, etc). I know how to do this stuff. I found the directory where the infected files are, but, as I said earlier, the files do not stay on the display - they flicker on and off - sometimes there are 2, sometimes 3, sometimes only one. I am not making this up. It ONLY happens in this directory with the infected file. I think the virus is doing this to prevent someone from trying to do anything with these files. It probably depends on which display driver you have whether it works or not on a particular system.

Yes, I did exactly as you said, used the browse button on the Norton submit screen, navigated as required to that folder again, and once again am unable to select the files because they come and go as you are looking at the screen, Again, I don't mean every time there is a screen refresh - like if you went to another screen and came back - I mean as you looks at the screen, the files appear for a second, then disappear, over and over again. I am unable to select 2 of the 3 files that appear briefly in that folder.

On another subject, what is it with this Forum's reply facility, where even if you click a Reply button below a particular posting, and you see that posting on the screen, when you finally submit your entry, the item you are replying to is no longer shown?!? In other words, this thread now contains a bunch of replies to SPECIFIC postings and you cannot tell which are being replied to because it doesn't show it. For example, I am replying to a posting from Mr. Bill, but after I post it, it will just be tacked onto the very bottom with no way to tell who I was replying to. Unless I am doing something wrong...

Kudos0

Re: Trojan.Kotver!lnk removal

rah1861:

Mr. Bill, thanks for the response, but I have all the settings that you mentioned (show hidden files, etc). I know how to do this stuff. I found the directory where the infected files are, but, as I said earlier, the files do not stay on the display - they flicker on and off - sometimes there are 2, sometimes 3, sometimes only one. I am not making this up. It ONLY happens in this directory with the infected file. I think the virus is doing this to prevent someone from trying to do anything with these files. It probably depends on which display driver you have whether it works or not on a particular system.

Yes, I did exactly as you said, used the browse button on the Norton submit screen, navigated as required to that folder again, and once again am unable to select the files because they come and go as you are looking at the screen, Again, I don't mean every time there is a screen refresh - like if you went to another screen and came back - I mean as you looks at the screen, the files appear for a second, then disappear, over and over again. I am unable to select 2 of the 3 files that appear briefly in that folder.

On another subject, what is it with this Forum's reply facility, where even if you click a Reply button below a particular posting, and you see that posting on the screen, when you finally submit your entry, the item you are replying to is no longer shown?!? In other words, this thread now contains a bunch of replies to SPECIFIC postings and you cannot tell which are being replied to because it doesn't show it. For example, I am replying to a posting from Mr. Bill, but after I post it, it will just be tacked onto the very bottom with no way to tell who I was replying to. Unless I am doing something wrong...

After you click on reply for a specific post, click on the quotation marks in a box on the edit bar. That will  give a quote noting the poster's name as in this reply to you.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Trojan.Kotver!lnk removal

I have seen this twice now in 3 days with the same results as everyone else. I submitted the file today.

I have to get this removed immediately from one pc, but on the other one I can do more testing as I've pulled it out of production. Please let me know if I can be of assitance.

This thread is closed from further comment. Please visit the forum to start a new thread.