To complicate detection of its presence in the operating system, forces the system to hide from view:
Creates and executes the following:
Injects code into the following system processes:
Installs hooks to intercept notifications
- Handler for all processes: <SYSTEM32>\kavo0.dll
Searches for windows to bypass different anti-viruses:
- ClassName: 'AVP.Product_Notification' WindowName: '(null)'
- ClassName: 'AVP.AlertDialog' WindowName: '(null)'
Restores hooked functions in System Service Descriptor Table (SSDT).
Forces autoplay for removable media.