Beware when plugging USB drives into another system.
You will get a nasty amvo.exe!
First I got a memory reference error as an alert.
I didn't mind it then, why bother with a silly alert?
After a few days I noticed problems like:
- Cannot set "Show hidden files and folders" inside Tools --> Folder Options --> View
- Contaminating every USB drive plugged into it.
They asked me to check whether amvo.exe is the culprit.
To check that, I ran msconfig. In the "Startup" tab I found amvo.exe.
Bingo! Got the virus/malware!
Now how to remove it?
Again I googled it. (What would life be without Google?) [:)]
Saw some options at Digital me's blog.
Since it was based on manipulations on Windows Registry, I opted not to go for it.
Was totally at sea, on what to do next.
Then I started reading the comments on the topic at Digital me's blog.
I came across a splendid method by Olalekan.
Based on that, some steps were formulated:
Log in to Windows as Administrator or with Administrator privileges.
Run cmd (opens a DOS window)
Now type C: to get to the C Prompt inside the DOS
Type: taskkill /im explorer.exe /f (Ends the Process "Explorer.exe". Important since virus spreads through Explorer)
Type: cd %systemroot%\system32 (Accessing System32)
Type: del amvo* /f /q /as (Deleting every file starting with amvo)
Type: cd \ (Going to Root Directory)
Type: dir /ah (List Hidden Files)
Now the virus will be listed as "blahblah.com". We should delete it.
Note: The virus is never NTDETECT.COM. That is a legitimate Windows boot file, and deleting it will cause big-time trouble for you.
Now delete the virus using
del blahblah.com autorun.inf /f /q /as (My amvo used something like "iw1eg.com")
The virus is now removed from C:/.
Now it's the turn of the other drives.
Suppose you have C:/, D:/, E:/ in your system. Repeat these steps for each drive,
i.e. inside cmd type: D:
Now that we have reached the D: prompt, repeat the steps mentioned above for it too.
Do the same for E:/ and F:/ (if there is one)
After deleting from all these drives, restart Explorer by typing "explorer.exe"
Now, prevention of future attacks:
Disabling AutoPlay for all drives
Start > Run > gpedit.msc
Inside it go to --> Computer Configuration > Administrative Templates > System > Turn Off Autoplay --> Enable
Now if you want to view hidden files, a small change in the registry is required.
Start > Run > regedit
Inside it, under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
set CheckedValue to 1
That's all there is to it, guys! [:)]
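To confirm that every drive is clean after the steps above, here is a read-only PowerShell check. It is an added example, not part of the original post or of Olalekan's method. It assumes an Administrator PowerShell prompt and only reports findings; the open= and shellexecute= keys it looks for are standard autorun.inf entries, and everything else comes from the steps above.

```powershell
# Read-only check for the traces described in this post; it deletes nothing.
# Assumption: run from an Administrator PowerShell prompt.
$findings = @()

# 1. amvo* files in System32 (hidden/system files need -Force to be listed)
$sys32 = Join-Path $env:SystemRoot 'system32'
Get-ChildItem -Path $sys32 -Filter 'amvo*' -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "System32 file: $($_.FullName)" }

# 2. Root of every drive: autorun.inf and hidden .com files
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $root = $drive.Root
    if (-not (Test-Path $root)) { continue }    # e.g. an empty card reader

    $inf = Join-Path $root 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        $findings += "autorun.inf present: $inf"
        # Show which program the file would launch
        Get-Content -LiteralPath $inf -Force -ErrorAction SilentlyContinue |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
            ForEach-Object { $findings += "  launches: $($_.Trim())" }
    }

    Get-ChildItem -Path $root -Filter '*.com' -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
            ($_.Name -ne 'NTDETECT.COM')        # legitimate Windows boot file
        } |
        ForEach-Object { $findings += "Hidden .com in root: $($_.FullName)" }
}

# 3. The registry value from the post that controls "Show hidden files"
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CheckedValue
if ($val -ne 1) { $findings += "SHOWALL CheckedValue is '$val' (expected 1)" }

if ($findings.Count -eq 0) { 'No traces found.' } else { $findings }
```

Run it again after plugging in each USB drive, since a stick that still carries autorun.inf will show up under its own drive letter.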