Security
Software
Necessary

Wednesday, July 9, 2008

amvo.exe virus removal

amvo

removal methods

Amvo virus attacks Yahoo! messenger,
It consists of 3 files,
windows\system32\amvo.exe
windows\system32\amvo1.dll
windows\system32\amvo0.dll

just delete these 3 files and the virus is gone, and donot forget to remove the startup entry for amvo.exe, either from msconfig or regedit or any 3rd party tool

1. Open Task Manager
2. End Task Explorer.exe
3. Select Run from File Menu
4. Type cmd (press enter)
5. In Command Prompt Type: cd %windir%\system32
6. Type: attrib -s -h -r amvo*.*
7. Type del amvo*.*
8. Remove startup entries and virus is gone :)


http://mtaram.wordpress.com/2008/01/03/computer-troubleshooting-virus-issues/

Posted on January 3, 2008 by mtaram

Recently I had a big time trouble with my computer as all the drives failed to open on double clicking and showed me a application selection window instead. After searching through the running processes and other settings I found that the show hidden files options in the folder options was also not working.

With the help of one of my friends [MOHIT] I fixed the issues.

The problem was due to amvo.exe amvo0.dll ampo.exe amvol.dll xfoolavp.com usdeiect.com and autorun.inf present in every drive’s root.

The fix works as follows…

open task manager (if ur task manager doesnt open and shows errors and warnings then use this tool
http://www.brothersoft.com/rrt-(remove-restrictions-tool)-60879.html
and end task the above mentioned processes if u see them in the running process list from the processes pane. Then goto applications pane and click on new task and type in cmd or command. Once at the command prompt type in “cd\” without the quotes to goto the root of the current drive. Then type “del /f /a /s /q”

where of the files above mentioned (this menthod can also be used to force delete any unwanted file ) use this method to delete all above mentioned from the root of every drive.

After this open registry editor by clicking on new task and typing in “regedit” without quotes. Then goto HKCU > software >microsoft >windows >current version > explorer > advanced > then look for the hidden key in the right pane and change the value to 1 from 2.

And to fix the issues with drives not opening or search opening up on double click download this .reg
http://megamachine.infinites.net/open.reg
(right click and save target as) file and double click it and add to your registry.

or do this…

copy every under this line paste in notepad save with .reg extension on ur desktop and double click it

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell]
@=”Open”
[HKEY_CLASSES_ROOT\Directory\shell\Explo

re]
[HKEY_CLASSES_ROOT\Directory\shell\Explore\command]
@=”%SystemRoot%\\Explorer.exe /e,/root,\”%1″
[HKEY_CLASSES_ROOT\Directory\shell\Explore\ddeexec]
@=”[ExploreFolder(\”%l\”, %I, %S)]”
“NoActivateHandler”=”"
[HKEY_CLASSES_ROOT\Directory\shell\Explore\ddeexec\application]
@=”Folders”
[HKEY_CLASSES_ROOT\Directory\shell\Explore\ddeexec\topic]
@=”AppProperties”
[HKEY_CLASSES_ROOT\Directory\shell\find]
“SuppressionPolicy”=dword:00000080
[HKEY_CLASSES_ROOT\Directory\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00
[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec]
@=”[FindFolder(\”%l\”, %I)]”
“NoActivateHandler”=”"
[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\application]
@=”Folders”
[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\topic]
@=”AppProperties”
[HKEY_CLASSES_ROOT\Directory\shell\Open]
“BrowserFlags”=dword:00000010
“ExplorerFlags”=dword:00000012
[HKEY_CLASSES_ROOT\Directory\shell\Open\
command]
@=”%SystemRoot%\\Explorer.exe /idlist”
[HKEY_CLASSES_ROOT\Directory\shell\Open\ddeexec]
@=”[ViewFolder(\”%l\”, %I, %S)]”
“NoActivateHandler”=”"
[HKEY_CLASSES_ROOT\Directory\shell\Open\ddeexec\application]
@=”Folders”
[HKEY_CLASSES_ROOT\Directory\shell\Open\ddeexec\topic]
@=”AppProperties”
[HKEY_CLASSES_ROOT\Directory\shell\Openddeexec]
[HKEY_CLASSES_ROOT\Directory\shell\Openddeexec\ifexec]
@=”[]”
[HKEY_CLASSES_ROOT\Folder\shell]
@=”open”
[HKEY_CLASSES_ROOT\Folder\shell\explore]
“BrowserFlags”=dword:00000022
“ExplorerFlags”=dword:00000021
[HKEY_CLASSES_ROOT\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
00,25,00,49,00,2c,00,25,00,4c,00,00,00
[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec]
@=”[ExploreFolder(\”%l\”, %I, %S)]”
“NoActivateHandler”=”"
[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\application]
@=”Folders”
[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\ifexec]
@=”[]”
[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\topic]
@=”AppProperties”
[HKEY_CLASSES_ROOT\Folder\shell\open]
“BrowserFlags”=dword:00000010
“ExplorerFlags”=dword:00000012
[HKEY_CLASSES_ROOT\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
00,25,00,4c,00,00,00
[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec]
@=”[ViewFolder(\”%l\”, %I, %S)]”
“NoActivateHandler”=”"
[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\application]
@=”Folders”
[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\ifexec]
@=”[]”
[HKEY_CLASSES_ROOT\Folder\shell\open\dde
exec\topic]
@=”AppProperties”
[HKEY_CLASSES_ROOT\Drive\shell]
@=”open_[1]”
[HKEY_CLASSES_ROOT\Drive\shell\find]
“SuppressionPolicy”=dword:00000080
[HKEY_CLASSES_ROOT\Drive\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00
[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec]
@=”[FindFolder(\”%l\”, %I)]”
“NoActivateHandler”=”"
[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\application]
@=”Folders”
[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\topic]
@=”AppProperties”
[HKEY_CLASSES_ROOT\Drive\shell\open]
[HKEY_CLASSES_ROOT\Drive\shell\open\command]
@=”%SystemRoot%\\Explorer.exe /idlist,%I,%L”
[HKEY_CLASSES_ROOT\Drive\shell\open\ddeexec]
[HKEY_CLASSES_ROOT\Drive\shell\open\ddeexec\topic]
@=”AppProperties”



another solution [simple]




Stumble Upon Toolbar

No comments:

Free Web Hosting

Free Web Hosting with Website Builder

Snap Shots

Get Free Shots from Snap.com