Sunday, February 10, 2008

AUTORUN.INF removal procedure

Trojan horse has become a common and a nasty problem. It spreads quickly by pen drive. If your computer is infected by this virus you can't open your drives correctly. Follow the video to remove the autorun.inf file from ur pen drives to avoid infection ...........

Posted by amish at 10:25 AM 0 comments  

AMVO.EXE VIRUS REMOVAL PROCEDURE

This is a very nasty virus,affected me when i plugged my pen drive at a internet cafe . It spreads via USB Memory Sticks. It cannot be seen in the process list, hides itself and hides all files , disables yahoo messenger from opening and also disables all security features . And my antivirus(AVAST) doesn't seem to find a problem! :(

Some Symptoms


  • Cannot show hidden files

  • Slows down USB devices

  • Adds infections to plugged in USB devices

  • Drives open in new windows from My Computer

...............So here is the solution for u guys :)
How to get rid off?
Step 1
The usual way is to Format the system, but it is not a permanent solution. To get rid run
regedit, find all keys related to amvo.exe or the name of the virus.
Run msconfig in the Start Up Tab you can find the amvo.exe or its variants.
Remove all occurrence of the name from regedit.
Reboot the System.

Step 2
Reboot and do the following changes to the Registry using regedit
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer searchidden en 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer searchsystemdirs en 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced hidden en 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced showsuperhiden en 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced superhiden en 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN CheckedValue 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN DefaultValue 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL CheckedValue 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL DefaultValue 1


HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutoRun 0x00000091 (145)
Step 3
From all the drives delete the autorun.inf using command line (if on windows) or from a linux OS. Do not open the drive from the explorer as it would spread the virus again to this OS. If you have linux installed and can access all partitions on the disk, go delete the files and clear the trash on all drives.

Step 4
Reboot the system.
Do necessary changes as in Step 2, if you have not done those.

I hope that will do it
Install a good antivirus update it.
Prevent Autorun from USBs.

To disable Autoplay of all drives
Start > Run > gpedit.msc

Enable : Computer Configuration > Administrative Templates > System > Turn Off Autoplay

Posted by amish at 10:13 AM 0 comments  

Subscribe to: Posts (Atom)