Amvo.exe!!! Please help

°K£l†huzaD° · 11-04-2008, 08:31 PM

Guys i just got myself some virus into my HD. It's called (maybe) amvo.exe. My task Manager is disabled. I cannot open regedit and command prompt. It opens new windows. Can anyone tell me how to remove it . PLEASE!!!

I don't have an AV

**ico** · 12-04-2008, 01:01 PM

Why don't you install an AV??

NOD32 (www.eset.com) and Kaspersky (www.kaspersky.com) are the best AVs......

iMav · 12-04-2008, 01:41 PM

amvo.exe its the worst brred of viruses, iv been infected by it courtsey my college comps,

solution:

1. boot into linux - the best option

then go to each drive & pen drive of urs and then delete the exe and autorun.inf file, even if u have manually made an autorun file delete it and re-create later

2. download and run:

http://cid-7a9d87fa129538ef.skydrive...Public/fix.rar

this will bring back ur show all file option

3. open regedit:

run->regedit

search amvo, amva, tavo

then delete each entry no matte what it corresponds to

u should be done

Hrithan2020 · 18-04-2008, 10:45 AM

Have the same problem.Have got amvo.exe,svehost.exe & 8de.bat running.deleted entries in reg & also searched(hidden & s/m protected ticked).But no search results.

So I created a bat file to stop all these unwanted processes & scheduled it to run everytime i log in.
Ne other soln.Am not able to view hidden or s/m protected files.4got where the reg entries are.neway will try l8r.

iMav · 18-04-2008, 11:50 AM

please try the file given in point 2 here:

Amvo.exe!!! Please help

ayush_chh · 20-04-2008, 01:01 PM

try this link here

http://ayushchhawchharia.blogspot.co...jan-horse.html

the name of the files different every time BUT the types are always same....

one .bat one .com and one autorun.inf

the .bat and .com files can have any wired names just find out in your case.

here is the solution

http://www.thinkdigit.com/forum/show...51&postcount=8

sriharsha_mahankali · 24-05-2008, 04:38 PM

start->run->cmd->

1. Finish virus active proccess, better said: amvo.exe and avpo.exe from command line:

taskkill /f /im amvo.exe
taskkill /f /im avpo.exe

2. Remove system, hidden and read-only attributes to the virus files, this is possible using following commands from command line:

attrib -s -h -r C:\autorun.inf
attrib -s -h -r C:\ntdeiect.com
attrib -s -h -r C:\n1detect.com
attrib -s -h -r C:\n?deiect.com
attrib -s -h -r C:\nideiect.com
attrib -s -h -r C:\nide?ect.com
attrib -s -h -r C:\u?de?ect.com

3. Proceed to remove of these files using delete command with /f option to force deleting, /q option to delete without asking for confirmation and the/a option to say that the files to be deleted are file with attributes, from command line:

del C:\autorun.inf /f /q /a
del C:\ntdeiect.com /f /q /a
del C:\n1detect.com /f /q /a
del C:\n1deiect.com /f /q /a
del C:\nide?ect.com /f /q /a
del C:\u?de?ect.com /f /q /a

4. Now we remove hidden, system and read only attributes to the files located at C:\windows\system32 folder:

attrib -s -h -r c:\windows\system32\amvo.exe
attrib -s -h -r c:\windows\system32\avpo.exe
attrib -s -h -r c:\windows\system32\amvo0.dll
attrib -s -h -r c:\windows\system32\amvo1.dll
attrib -s -h -r c:\windows\system32\avpo0.dll
attrib -s -h -r c:\windows\system32\avpo1.dll

or beter said:

attrib -s -h -r c:\windows\system32\amvo*.*
attrib -s -h -r c:\windows\system32\avpo*.*

5. Once done this, we proceed to delete files of the virus located at C:\windows\system32 folder:

del /f c:\windows\system32\amvo*.*
del /f c:\windows\system32\avpo*.*

6. Now we delete from Registry the values created for the virus to avoid its automatic execution on system boot, from command line:

reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\ /v amva /f
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\ /v avpo /f

7. And we restore option to see system and hidden files, from command line:

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f

8. Repeat steps 1-7 en all drives.

9. Restart the computer or if you prefer you can restart Explorer.exe proccess doing this from command line:

taskkill /f /im explorer.exe
start explorer.exe

ayush_chh · 26-05-2008, 08:39 PM

now thats a great work......did you find it or got it from somewhere.......??

you can create a batch file for these commands(since all of them are in command prompt)......and then one can just execute it......

11-04-2008, 08:31 PM	#1 (permalink)
°K£l†huzaD° Right Off the Assembly Line Join Date: Dec 2007 Posts: 36	Amvo.exe!!! Please help Guys i just got myself some virus into my HD. It's called (maybe) amvo.exe. My task Manager is disabled. I cannot open regedit and command prompt. It opens new windows. Can anyone tell me how to remove it . PLEASE!!! I don't have an AV

12-04-2008, 01:01 PM	#2 (permalink)
ico . Join Date: Jun 2007 Location: New Delhi Posts: 8,131	Re: Amvo.exe!!! Please help Why don't you install an AV?? NOD32 (www.eset.com) and Kaspersky (www.kaspersky.com) are the best AVs...... __________________ Won't be replying to PMs for a while. Stay in touch with e-mail. Read before asking / messaging any moderator for any query: FAQ + answers for new members Read all the sticky threads before asking any type of query. Most basic questions are answered in those.

12-04-2008, 01:41 PM	#3 (permalink)
iMav The Devil's Advocate Join Date: Mar 2006 Location: Masti Ki Paathshaala Posts: 7,015	Re: Amvo.exe!!! Please help amvo.exe its the worst brred of viruses, iv been infected by it courtsey my college comps, solution: 1. boot into linux - the best option then go to each drive & pen drive of urs and then delete the exe and autorun.inf file, even if u have manually made an autorun file delete it and re-create later 2. download and run: http://cid-7a9d87fa129538ef.skydrive...Public/fix.rar this will bring back ur show all file option 3. open regedit: run->regedit search amvo, amva, tavo then delete each entry no matte what it corresponds to u should be done __________________ "The problem that shows up with the three red lights on the console is a complex interaction with some very complex parts.” - Robbie Bach http://beingmanan.com twitter: manan \| Last.FM: manan

18-04-2008, 10:45 AM	#4 (permalink)
Hrithan2020 In The Zone Join Date: Apr 2008 Posts: 427	Re: Amvo.exe!!! Please help Have the same problem.Have got amvo.exe,svehost.exe & 8de.bat running.deleted entries in reg & also searched(hidden & s/m protected ticked).But no search results. So I created a bat file to stop all these unwanted processes & scheduled it to run everytime i log in. Ne other soln.Am not able to view hidden or s/m protected files.4got where the reg entries are.neway will try l8r.

18-04-2008, 11:50 AM	#5 (permalink)
iMav The Devil's Advocate Join Date: Mar 2006 Location: Masti Ki Paathshaala Posts: 7,015	Re: Amvo.exe!!! Please help please try the file given in point 2 here: Amvo.exe!!! Please help __________________ "The problem that shows up with the three red lights on the console is a complex interaction with some very complex parts.” - Robbie Bach http://beingmanan.com twitter: manan \| Last.FM: manan

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine

	Advertisements. Register and be a member of the community to get rid of them.
Advertisement

20-04-2008, 01:01 PM	#6 (permalink)
ayush_chh In The Zone Join Date: Nov 2005 Location: Bangalore Posts: 486	Re: Amvo.exe!!! Please help try this link here http://ayushchhawchharia.blogspot.co...jan-horse.html the name of the files different every time BUT the types are always same.... one .bat one .com and one autorun.inf the .bat and .com files can have any wired names just find out in your case. here is the solution http://www.thinkdigit.com/forum/show...51&postcount=8 __________________ eXPerience is what a MAN learn's fROM..... Last edited by ayush_chh; 20-04-2008 at 01:01 PM. Reason: Automerged Doublepost

24-05-2008, 04:38 PM	#7 (permalink)
sriharsha_mahankali Right Off the Assembly Line Join Date: Sep 2006 Location: MahankaliSriharsha/kodad/nalgonda/telangana Posts: 22	Re: Amvo.exe!!! Please help start->run->cmd-> 1. Finish virus active proccess, better said: amvo.exe and avpo.exe from command line: taskkill /f /im amvo.exe taskkill /f /im avpo.exe 2. Remove system, hidden and read-only attributes to the virus files, this is possible using following commands from command line: attrib -s -h -r C:\autorun.inf attrib -s -h -r C:\ntdeiect.com attrib -s -h -r C:\n1detect.com attrib -s -h -r C:\n?deiect.com attrib -s -h -r C:\nideiect.com attrib -s -h -r C:\nide?ect.com attrib -s -h -r C:\u?de?ect.com 3. Proceed to remove of these files using delete command with /f option to force deleting, /q option to delete without asking for confirmation and the/a option to say that the files to be deleted are file with attributes, from command line: del C:\autorun.inf /f /q /a del C:\ntdeiect.com /f /q /a del C:\n1detect.com /f /q /a del C:\n1deiect.com /f /q /a del C:\nide?ect.com /f /q /a del C:\u?de?ect.com /f /q /a 4. Now we remove hidden, system and read only attributes to the files located at C:\windows\system32 folder: attrib -s -h -r c:\windows\system32\amvo.exe attrib -s -h -r c:\windows\system32\avpo.exe attrib -s -h -r c:\windows\system32\amvo0.dll attrib -s -h -r c:\windows\system32\amvo1.dll attrib -s -h -r c:\windows\system32\avpo0.dll attrib -s -h -r c:\windows\system32\avpo1.dll or beter said: attrib -s -h -r c:\windows\system32\amvo. attrib -s -h -r c:\windows\system32\avpo. 5. Once done this, we proceed to delete files of the virus located at C:\windows\system32 folder: del /f c:\windows\system32\amvo. del /f c:\windows\system32\avpo. 6. Now we delete from Registry the values created for the virus to avoid its automatic execution on system boot, from command line: reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\ /v amva /f reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\ /v avpo /f 7. And we restore option to see system and hidden files, from command line: reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f 8. Repeat steps 1-7 en all drives. 9. Restart the computer or if you prefer you can restart Explorer.exe proccess doing this from command line: taskkill /f /im explorer.exe start explorer.exe __________________ mahankali sriharsha telangana

26-05-2008, 08:39 PM	#8 (permalink)
ayush_chh In The Zone Join Date: Nov 2005 Location: Bangalore Posts: 486	Re: Amvo.exe!!! Please help now thats a great work......did you find it or got it from somewhere.......?? you can create a batch file for these commands(since all of them are in command prompt)......and then one can just execute it...... __________________ eXPerience is what a MAN learn's fROM.....

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
amvo.exe & nideiect keeps popping up. Undetectable by antivirus.	batsD1	Software Q&A	12	20-01-2008 02:21 PM