Saturday, January 19, 2008

n1deiect \ amvo \ avpo Virus - Removal Tip

This virus spreads mostly through removable drives. If you are unlucky enough to have your AV software disabled for a performance boost and you then double-click the infected drive, you're going to have a bad week!

Unless you know how to kill it, that is. And I hope the following method will help you do just that. Please note that this nuisance comes in variants, and the filename of the infection might be different for you. Please refer here to find out more about it.

Most probably, you noticed you were affected when you found that you can no longer view hidden files and that, when you double-click your drives, the contents are shown in a new window.

Find out the filename of the virus by opening, in Notepad, the autorun.inf files that it created in the root of all drives. Examples are n1deiect.com, amvo.exe, awda2.exe, etc. Now you can remove the virus by two methods - DOS way or my way :)

Fire up the Task Manager and end wscript.exe and explorer.exe. Also close any processes with suspicious names. Now open avafind and search for autorun.inf and awda2.exe (or whatever filename you found in the autorun.inf file). Delete all the instances. Wait for a minute and search again. If the files are back, it means you didn't do it right. Try finding the correct infected process in the Task Manager and close it. (Use Google.)

The rest is simple. Search for amvo.exe and amvo0.dll (these reside in the Windows system folder) and delete them. If you can't delete them, use the Unlocker tool to remove them.

Click Start>Run. Type 'msconfig' and press enter. Click the 'startup' tab and uncheck the entry 'amvo'.

Restart the computer. That's it.

Note: If you still can't view hidden files, use the RRT tool to remove the restrictions.
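The procedure above starts by reading each drive's autorun.inf to learn the dropped filename and later searches again to see whether the files came back. The Python below is an added example, not part of the original post: it extracts the program names an autorun.inf would launch and reports whether each is still present in the drive root. The function names, the drive-letter list and the `SAMPLE` text are assumptions constructed for illustration.

```python
import os
import re

# autorun.inf keys whose value is a command line that Windows will launch.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)

# Constructed sample: junk comment lines around real entries, mixed case.
SAMPLE = """;x7Gq padding
[AutoRun]
open=awda2.exe
;k3Lw
shell\\open\\Command=awda2.exe
shell\\explore\\Command="awda2.exe" -e
shellexecute=AWDA2.EXE
"""

def autorun_targets(text):
    """Return the program names an autorun.inf body would launch."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue  # comments, padding and other sections are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        if not COMMAND_KEY.match(key) or not value:
            continue
        # The first token is the program; anything after it is arguments.
        program = value.split('"')[1] if value[0] == '"' else value.split()[0]
        name = program.replace("/", "\\").split("\\")[-1].lower()
        if name and name not in targets:
            targets.append(name)
    return targets

def scan_roots(roots):
    """Map each root holding an autorun.inf to (target, still_present) pairs."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                names = autorun_targets(fh.read())
            report[root] = [(n, os.path.isfile(os.path.join(root, n))) for n in names]
    return report

if __name__ == "__main__":
    for root, found in scan_roots([f"{d}:\\" for d in "CDEFGH"]).items():
        print(root, found)
```

Run it again a minute after deleting the files: a root that still appears in the output means the autorun.inf has been recreated and a process is still writing it.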

I hope this will help you kill the sucker.

Update: Heard that the latest Kaspersky AV can clean this infection. I didn't confirm this.

2 comments:

Anonymous said...

Thx for your help. Killd teh sucka!

Aswin said...

You're welcome :)