Monday, March 24, 2008

Yahoo Messenger Exiting Problem

Ever been in a situation where you try to log in to Yahoo Messenger and the messenger window simply disappears from the screen after you type your username and password?

If so, your system is most likely infected with the backdoor/Trojan known as "amvo.exe". This problem is very common these days.

Some info about the trojan:
"amvo.exe" is bundled with several other worm components/files, some of them being
1)80avp08.com
2)dosocom.com
3)usdeiect.com
4)xfoolavp.com
5)autorun.inf
6)Nideiect.com
7)u.bat ... and others

These files are dropped in the root directory of every drive (C:\, D:\ etc.), and a copy of amvo.exe is also placed at C:\windows\system32\amvo.exe. The autorun.inf in each drive root re-launches the worm whenever that drive is opened in Explorer, which is how it comes back after a partial cleanup.

You will not be able to delete any of these files, not even in Safe Mode, because the trojan adds a startup (autorun) registry entry that loads amvo.exe at boot, so the process is already running and holding its files open by the time you try.

Solution:
1) When I personally experienced this problem, I just restored my system to a previous date. It worked for me. (For restoring you need to have set a restore point earlier.)

2) Only some antivirus products can detect this trojan. I heard that Kaspersky caught this trojan and deleted it. (Personally I don't know, but one of my friends told me.)

3) If neither of the above works, do the following:

Kill all processes named AMVO.exe or AVPO.exe (Task Manager > Processes). Do this first: as long as the process is running it will keep re-creating its files and registry entries.
Type "msconfig" (without quotes) in Run and press Enter.
Go to the Startup tab and uncheck any entry referring to amvo.

Type "regedit" (without quotes) in Run and press Enter.
Press Ctrl+F and search for amvo; repeat the search (F3) until no more matches are found, deleting every related entry.
Press Ctrl+F and search for u.bat; repeat the search (F3) and delete every related entry.
Press Ctrl+F and search for amva; repeat the search (F3) and delete every related entry.
Do the same search for each of the file names listed above.
(Generally you find all of them under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amva.)

Now do this carefully. Do not open the infected drive by double-clicking it in My Computer: that is exactly what runs autorun.inf. Use the command prompt instead.
Type "cmd" (without quotes) in Run and press Enter.
Type "d:" and press Enter to switch to that drive's root (repeat the following for every drive).
Type "autorun.inf" and press Enter; the file opens as plain text in Notepad. (Typing "type autorun.inf" instead prints the contents in the console without relying on the .inf file association at all.)
Find the name of the worm in this file: the open=, shellexecute= or shell\...\command= line names the .exe/.bat/.com file that Windows launches whenever the drive is opened. That is the loader you need to hunt down.

Search the registry (Run > regedit) for the file name found in autorun.inf and delete all matching entries.

Now restart the computer and do the following:

Open regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
Double-click the entry called CheckedValue and change its data from 0 to 1. (The trojan sets it to 0 so that the "Show hidden files" option silently stops working and its files stay invisible.)

Almost done. Go to My Computer > Tools > Folder Options > View and select "Show hidden files and folders".
Now search for all the malicious files listed above, including the autorun.inf in the root of every drive, and delete them; also search for files like amvo0.dll, amvo1.dll etc. and delete those too.

Restart again and your system should now be free of the trojan.
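The autorun.inf step above, turned into a small triage script. This is an added example and not code from the original post: it parses the [autorun] section, lists the program(s) the file would launch when the drive is opened, and prints the names to search for in regedit and on disk. The sample autorun.inf embedded in it is constructed (the file names come from the list above; the key layout is an assumption about what this worm family writes), so the script runs offline without touching a real drive.

```python
"""Triage helper for the autorun.inf step: parse the [autorun] section,
report which program(s) it launches, and produce the names to search for
in regedit and on disk. Added example, not code from the original post."""
import re
import sys

# Constructed sample (assumption: only the file names are from the post; the
# key layout is what autorun worms of this kind typically write). Backslashes
# are doubled because this is a Python string literal.
SAMPLE_AUTORUN = """[AutoRun]
open=u.bat
shell\\open\\Command=u.bat
shell\\explore\\Command=u.bat
shellexecute=amvo.exe
shell\\Auto\\command=amvo.exe
; a label the user sees in My Computer, not a launch key
label=Local Disk
"""

# Keys that make Windows run something: open=, shellexecute=, shell\<verb>\command=
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)


def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only.

    Hand-rolled instead of configparser because worm-written files often hold
    junk lines and duplicate keys that configparser refuses to parse.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' begins a comment in .inf files
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def program_name(value):
    """Strip quotes, arguments and any directory from a command value."""
    if value.startswith('"'):
        prog = value[1:].split('"', 1)[0]
    else:
        prog = value.split()[0] if value else ""
    return prog.replace("\\", "/").rsplit("/", 1)[-1]


def launch_targets(text):
    """Programs this autorun.inf runs when the drive is opened, in file order."""
    targets, seen = [], set()
    for key, value in parse_autorun(text).items():
        if LAUNCH_KEY.match(key):
            prog = program_name(value)
            if prog and prog.lower() not in seen:
                seen.add(prog.lower())
                targets.append(prog)
    return targets


def registry_search_terms(text):
    """Strings to search for in regedit: each launcher's name, plus its stem
    when the stem is long enough to be a useful search term (amvo, not u)."""
    terms = set()
    for prog in launch_targets(text):
        name = prog.lower()
        terms.add(name)
        stem = name.rsplit(".", 1)[0]
        if len(stem) >= 3:
            terms.add(stem)
    return sorted(terms)


if __name__ == "__main__":
    # Pass a path (e.g. the autorun.inf copied off the drive root) to triage a
    # real file; with no argument the constructed sample is used.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_AUTORUN
    for prog in launch_targets(text):
        print("autorun.inf launches:", prog)
    print("search regedit for:", ", ".join(registry_search_terms(text)))
```

Reading the file with a script like this never executes it, whereas double-clicking the drive in My Computer does; that is the whole reason the removal steps go through cmd.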

4) If the above solution doesn't work, Click Here to try another (it is a Word document containing a different solution).

If you want the source code for this trojan then Click here.
Note: Use the source at your own risk. Do not save the file with a .exe extension.

1 comment:

Webmaster said...

Hi,

Thanks for leaving your comment on http://zerodollarchallenge.blogspot.com We have added your url on our blog and technorati. We were wondering if you would mind linking back at us?

Warm Regards