Yay! interim report done! *happy*
My lappy has been infected by a virus/worm... maybe itz from someone's pen drive... my antivirus couldn't detect it.. NOD32 sucks :P if your lappy/pc got infected by this virus/worm here are the solutions:
Copied from (digitalpbk.blogspot.com):
====================================================================
amvo.exe Virus Manual Removal Steps
My lappy has been infected by a virus/worm... maybe itz from someone's pen drive... my antivirus couldn't detect it.. NOD32 sucks :P if your lappy/pc got infected by this virus/worm here are the solutions:
Copied from (digitalpbk.blogspot.com):
====================================================================
amvo.exe Virus Manual Removal Steps
Intro
It spreads via USB Memory Sticks. It cannot be seen in the process list, hides itself and hides all files.
Some Symptoms :
Cannot show hidden files
Slows down USB devices
Adds infections to plugged in USB devices
Drives open in new windows from My Computer
How to get rid off?
Step 1
The usual way is to Format the system, but it is not a permanent solution. To get rid run regedit, find all keys related to amvo.exe or the name of the virus.
Run msconfig in the Start Up Tab you can find the amvo.exe or its variants.
Remove all occurrence of the name from regedit.
Reboot the System.
Step 2
Reboot and do the following changes to the Registry using regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer searchidden en 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer searchsystemdirs en 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced hidden en 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced showsuperhiden en 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced superhiden en 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN CheckedValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN DefaultValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL CheckedValue 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL DefaultValue 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutoRun 0x00000091 (145)
-- OR --
Reboot into a different OS and do the following
Step 3
From all the drives delete the autorun.inf using command line (if on windows) or from a linux OS. Do not open the drive from the explorer as it would spread the virus again to this OS. If you have linux installed and can access all partitions on the disk, go delete the files and clear the trash on all drives.
Step 4
Reboot the system.
Do necessary changes as in Step 2, if you have not done those.
To disable Autoplay of all drives
Start > Run > gpedit.msc
Enable : Computer Configuration > Administrative Templates > System > Turn Off Autoplay
-- OR --
Reboot into a different OS and do the following
Step 3
From all the drives delete the autorun.inf using command line (if on windows) or from a linux OS. Do not open the drive from the explorer as it would spread the virus again to this OS. If you have linux installed and can access all partitions on the disk, go delete the files and clear the trash on all drives.
Step 4
Reboot the system.
Do necessary changes as in Step 2, if you have not done those.
To disable Autoplay of all drives
Start > Run > gpedit.msc
Enable : Computer Configuration > Administrative Templates > System > Turn Off Autoplay
====================================================================
If you dont know how to do it... find the amvo removal tools... :P
No comments:
Post a Comment