Amvo.exe!!! Please help

Status
Not open for further replies.
°

°K£l†huzaD°

Broken In
Guys i just got myself some virus into my HD. It's called (maybe) amvo.exe. My task Manager is disabled. I cannot open regedit and command prompt. It opens new windows. Can anyone tell me how to remove it . PLEASE!!!

I don't have an AV
 
iMav

iMav

The Devil's Advocate
amvo.exe its the worst brred of viruses, iv been infected by it courtsey my college comps,

solution:

1. boot into linux - the best option

then go to each drive & pen drive of urs and then delete the exe and autorun.inf file, even if u have manually made an autorun file delete it and re-create later

2. download and run:

*cid-7a9d87fa129538ef.skydrive.live.com/self.aspx/Public/fix.rar

this will bring back ur show all file option

3. open regedit:

run->regedit

search amvo, amva, tavo

then delete each entry no matte what it corresponds to ;) u should be done
 
H

Hrithan2020

In the zone
Have the same problem.Have got amvo.exe,svehost.exe & 8de.bat running.deleted entries in reg & also searched(hidden & s/m protected ticked).But no search results.

So I created a bat file to stop all these unwanted processes & scheduled it to run everytime i log in.
Ne other soln.Am not able to view hidden or s/m protected files.4got where the reg entries are.neway will try l8r.
 
iMav

iMav

The Devil's Advocate
please try the file given in point 2 here:

*www.thinkdigit.com/forum/showpost.php?p=801660&postcount=3
 
ayush_chh

ayush_chh

Ambassador of Buzz
try this link here

*ayushchhawchharia.blogspot.com/2008/01/how-to-remove-amvoexe-trojan-horse.html

the name of the files different every time BUT the types are always same....

one .bat one .com and one autorun.inf

the .bat and .com files can have any wired names just find out in your case. :)

here is the solution

*www.thinkdigit.com/forum/showpost.php?p=781651&postcount=8
 
Last edited:
sriharsha_mahankali

sriharsha_mahankali

Broken In
start->run->cmd->

1. Finish virus active proccess, better said: amvo.exe and avpo.exe from command line:

taskkill /f /im amvo.exe
taskkill /f /im avpo.exe

2. Remove system, hidden and read-only attributes to the virus files, this is possible using following commands from command line:

attrib -s -h -r C:\autorun.inf
attrib -s -h -r C:\ntdeiect.com
attrib -s -h -r C:\n1detect.com
attrib -s -h -r C:\n?deiect.com
attrib -s -h -r C:\nideiect.com
attrib -s -h -r C:\nide?ect.com
attrib -s -h -r C:\u?de?ect.com

3. Proceed to remove of these files using delete command with /f option to force deleting, /q option to delete without asking for confirmation and the/a option to say that the files to be deleted are file with attributes, from command line:

del C:\autorun.inf /f /q /a
del C:\ntdeiect.com /f /q /a
del C:\n1detect.com /f /q /a
del C:\n1deiect.com /f /q /a
del C:\nide?ect.com /f /q /a
del C:\u?de?ect.com /f /q /a

4. Now we remove hidden, system and read only attributes to the files located at C:\windows\system32 folder:

attrib -s -h -r c:\windows\system32\amvo.exe
attrib -s -h -r c:\windows\system32\avpo.exe
attrib -s -h -r c:\windows\system32\amvo0.dll
attrib -s -h -r c:\windows\system32\amvo1.dll
attrib -s -h -r c:\windows\system32\avpo0.dll
attrib -s -h -r c:\windows\system32\avpo1.dll

or beter said:

attrib -s -h -r c:\windows\system32\amvo*.*
attrib -s -h -r c:\windows\system32\avpo*.*

5. Once done this, we proceed to delete files of the virus located at C:\windows\system32 folder:

del /f c:\windows\system32\amvo*.*
del /f c:\windows\system32\avpo*.*

6. Now we delete from Registry the values created for the virus to avoid its automatic execution on system boot, from command line:

reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v amva /f
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v avpo /f

7. And we restore option to see system and hidden files, from command line:

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f

8. Repeat steps 1-7 en all drives.

9. Restart the computer or if you prefer you can restart Explorer.exe proccess doing this from command line:

taskkill /f /im explorer.exe
start explorer.exe
 
ayush_chh

ayush_chh

Ambassador of Buzz
now thats a great work......did you find it or got it from somewhere.......??

you can create a batch file for these commands(since all of them are in command prompt)......and then one can just execute it......:)
 
Status
Not open for further replies.
Top Bottom