This is a very nasty virus,affected me when i plugged my pen drive at a internet cafe . It spreads via USB Memory Sticks. It cannot be seen in the process list, hides itself and hides all files , disables yahoo messenger from opening and also disables all security features . And my antivirus(AVAST) doesn't seem to find a problem! :(
Some Symptoms
- Cannot show hidden files
- Slows down USB devices
- Adds infections to plugged in USB devices
- Drives open in new windows from My Computer
...............So here is the solution for u guys :)
How to get rid off?Step 1 The usual way is to
Format the system, but it is not a permanent solution. To get rid run
regedit, find all keys related to amvo.exe or the name of the virus.
Run
msconfig in the Start Up Tab you can find the amvo.exe or its variants.
Remove all occurrence of the name from regedit.
Reboot the System.
Step 2Reboot and do the following changes to the Registry using regedit
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer searchidden en 1
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer searchsystemdirs en 1
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced hidden en 1
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced showsuperhiden en 1
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced superhiden en 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN CheckedValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN DefaultValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL CheckedValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL DefaultValue 1
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutoRun 0x00000091 (145)
Step 3From all the drives delete the
autorun.inf using command line (if on windows) or from a linux OS. Do not open the drive from the explorer as it would spread the virus again to this OS. If you have linux installed and can access all partitions on the disk, go delete the files and clear the trash on all drives.
Step 4Reboot the system.
Do necessary changes as in Step 2, if you have not done those.
I hope that will do itInstall a good antivirus update it.
Prevent Autorun from USBs.
To disable Autoplay of all drivesStart > Run > gpedit.msc
Enable : Computer Configuration > Administrative Templates > System > Turn Off Autoplay