Monday, September 1, 2008

VIRUS REMOVAL [Computer Troubleshooting... [amvo.exe amvo0.dll ampo.exe amvol.dll xfoolavp.com and autorun.inf] virus issues…]

[UPDATE] Download USB FIREWALL to protect your computer from this virus or remove it.

Recently I had big-time trouble with my computer, as all the drives failed to open on double-clicking and showed me an application selection window instead. After searching through the running processes and other settings, I found that the "show hidden files" option in Folder Options was also not working.

With the help of one of my friends [MOHIT] I fixed the issues.

The problem was due to amvo.exe, amvo0.dll, ampo.exe, amvol.dll, xfoolavp.com, usdeiect.com and autorun.inf being present in every drive's root.

The fix works as follows…

Open Task Manager (if your Task Manager doesn't open and shows errors and warnings, then use this tool) and end the above-mentioned processes if you see them in the running process list on the Processes pane. Then go to the Applications pane, click New Task, and type in cmd or command. Once at the command prompt, type "cd\" without the quotes to go to the root of the current drive. Then type "del /f /a /s /q" followed by the name of one of the files mentioned above (this method can also be used to force-delete any unwanted file). Use this method to delete all the above-mentioned files from the root of every drive.

After this, open Registry Editor by clicking New Task and typing in "regedit" without the quotes. Then go to HKCU > Software > Microsoft > Windows > CurrentVersion > Explorer > Advanced, look for the Hidden value in the right pane, and change the value to 1 from 2.

And to fix the issue of drives not opening, or Search opening up on double-click, download this .reg file (right-click and Save Target As), double-click it, and add it to your registry.

Or do this…

Copy everything under this line, paste it into Notepad, save it with a .reg extension on your desktop, and double-click it.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell]
@="Open"

[HKEY_CLASSES_ROOT\Directory\shell\Explore]

[HKEY_CLASSES_ROOT\Directory\shell\Explore\command]
@="%SystemRoot%\\Explorer.exe /e,/root,\"%1"

[HKEY_CLASSES_ROOT\Directory\shell\Explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Directory\shell\Explore\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Directory\shell\Explore\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Directory\shell\find]
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\Directory\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,00,00

[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec]
@="[FindFolder(\"%l\", %I)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Directory\shell\Open]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012

[HKEY_CLASSES_ROOT\Directory\shell\Open\command]
@="%SystemRoot%\\Explorer.exe /idlist"

[HKEY_CLASSES_ROOT\Directory\shell\Open\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Directory\shell\Open\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Directory\shell\Open\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Directory\shell\Open\ddeexec\ifexec]
@="[]"

[HKEY_CLASSES_ROOT\Folder\shell]
@="open"

[HKEY_CLASSES_ROOT\Folder\shell\explore]
"BrowserFlags"=dword:00000022
"ExplorerFlags"=dword:00000021

[HKEY_CLASSES_ROOT\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
  00,25,00,49,00,2c,00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\ifexec]
@="[]"

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Folder\shell\open]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012

[HKEY_CLASSES_ROOT\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
  00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\ifexec]
@="[]"

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Drive\shell]
@="open_[1]"

[HKEY_CLASSES_ROOT\Drive\shell\find]
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\Drive\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec]
@="[FindFolder(\"%l\", %I)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Drive\shell\open]

[HKEY_CLASSES_ROOT\Drive\shell\open\command]
@="%SystemRoot%\\Explorer.exe /idlist,%I,%L"

[HKEY_CLASSES_ROOT\Drive\shell\open\ddeexec]

[HKEY_CLASSES_ROOT\Drive\shell\open\ddeexec\topic]
@="AppProperties"

_______________________________________ Don't copy this line; copy only up to the line above.

These methods fixed all my issues without reinstalling Windows, which, no, I don't like at all. I am thankful to Google and MOHIT.
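Before importing a .reg file copied from a web page, it helps to see what its hex(2) values actually say. The Python sketch below is an added example, not part of the original post: it decodes the default values in a .reg text and lists any \command handler that does not start with %SystemRoot%\Explorer.exe. The function names and the two-entry sample are constructed for illustration.

```python
import re

# Constructed sample: two entries taken from the .reg listing on this page,
# written with straight quotes and regedit-style hex continuation lines.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
  00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\open\command]
@="%SystemRoot%\\Explorer.exe /idlist,%I,%L"
"""


def decode_reg_commands(text):
    """Map each registry key in a .reg text to its decoded default value."""
    commands, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.startswith("@=hex") and line.endswith("\\"):
            pending = line[:-1]  # hex data continues on the next line
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.startswith("@=hex(2):"):
            # hex(2) is REG_EXPAND_SZ: UTF-16LE bytes with a NUL terminator
            data = bytes(int(b, 16) for b in line[9:].split(",") if b)
            commands[key] = data.decode("utf-16-le").rstrip("\x00")
        elif line.startswith('@="') and line.endswith('"'):
            # Plain string value: undo the \\ and \" escaping
            commands[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return commands


def non_explorer_handlers(commands):
    """Return keys ending in \\command whose program is not Explorer.exe."""
    expected = r"%systemroot%\explorer.exe"
    return sorted(k for k, v in commands.items()
                  if k.lower().endswith(r"\command")
                  and not v.lower().startswith(expected))


if __name__ == "__main__":
    decoded = decode_reg_commands(SAMPLE_REG)
    for key, value in decoded.items():
        print(f"{key}\n    {value}")
    print("unexpected handlers:", non_explorer_handlers(decoded))
```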


29 Responses to “VIRUS REMOVAL [Computer Troubleshooting... [amvo.exe amvo0.dll ampo.exe amvol.dll xfoolavp.com and autorun.inf] virus issues…]”

  1. for me the file name was amvo1.dll

  2. Visit this site….to remove amvo virus…
    http://www.en.mygeekside.com/?p=18#comment-193

  3. Please send me above tool

  4. Download by clicking the link above….

  5. Please send me Download antivirus files

  6. Download antivirus files

  7. Thanks Ramana
    Your VB programme is very good; I got rid of the amvo.exe virus with it.
    Thanks

  8. This solution deletes/modifies registry keys/entries added/modified by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer’s registry.

    1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
    2. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>
    Windows>CurrentVersion>Run
    3. In the right panel, locate and delete the entry:
    amva = “%System%\amvo.exe”
    (Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)

    Restoring Modified Registry Entries

    1. Still in Registry Editor, in the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Windows> CurrentVersion>Explorer>Advanced
    2. In the right panel, locate the entry:
    Hidden = "1"
    3. Right-click on the value name and choose Modify. Change the value data of this entry to:
    2
    4. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Windows> CurrentVersion>Explorer>Advanced
    5. In the right panel, locate the entry:
    ShowSuperHidden = "0"
    6. Right-click on the value name and choose Modify. Change the value data of this entry to:
    1
    7. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows> CurrentVersion>Explorer>Advanced>Folder>Hidden>SHOWALL
    8. In the right panel, locate the entry:
    CheckedValue = "0"
    9. Right-click on the value name and choose Modify. Change the value data of this entry to:
    1

    Removing Other Malware Key from the Registry

    1. Still in Registry Editor, in the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Classes>CLSID
    2. In the left panel, locate and delete the key:
    MADOWN
    3. Close Registry Editor.

    Deleting Malware-created AUTORUN.INF/s

    1. Right-click Start then click Search… or Find…, depending on the version of Windows you are running.
    2. In the Named input box, type:
    AUTORUN.INF
    3. In the Look In drop-down list, select a drive, then press Enter.
    4. Select the file, then open using Notepad.
    5. Check if the following lines are present in the file:
    [AutoRun]
    ;{Garbage}
    open=xn1i9x.com
    ;{Garbage}
    shell\open\Command=xn1i9x.com
    ;{Garbage}
    shell\open\Default=1
    ;{Garbage}
    shell\explore\Command=xn1i9x.com
    ;{Garbage}
    6. If the lines are present, delete the file.
    7. Repeat steps 3 to 6 for AUTORUN.INF files in the remaining removable drives.
    8. Close Search Results.

    Deleting the Malware File(s)

    1. Right-click Start then click Search… or Find…, depending on the version of Windows you are running.
    2. In the Named input box, type:
    %System%\amvo.exe
    3. In the Look In drop-down list, select My Computer, then press Enter.
    4. Once located, select the file then press SHIFT+DELETE.
    5. Repeat steps 2 to 4 to delete the following file:
    %System%\amvo0.dll
    %Temp%\zhklagpv.dll
    (Note: %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.)
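
The AUTORUN.INF check described in the comment above, as an added Python example that is not part of the original comment: it skips the comment padding and lists every entry that launches a program. The sample file is constructed from that listing and the function names are illustrative; legitimate installation media also use open=, so a hit is a prompt to inspect the target, not a verdict.

```python
# Constructed sample modelled on the AUTORUN.INF listing in the comment above;
# the ';' junk lines stand in for its ";{Garbage}" padding.
SAMPLE_AUTORUN = r"""[AutoRun]
;kD9sLq2jf0aWx
open=xn1i9x.com
;s0d9fjLKJ23lkjsdf
shell\open\Command=xn1i9x.com
;qpz
shell\open\Default=1
shell\explore\Command=xn1i9x.com
"""

# File types that Windows runs directly when named in a launch entry
EXECUTABLE_EXT = (".com", ".exe", ".bat", ".cmd", ".pif", ".scr", ".vbs")


def launch_targets(text):
    """Return [(entry, target)] for [AutoRun] entries that start a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment padding
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        lname = name.lower()
        # open=, shellexecute= and shell\<verb>\command= all name a program
        if lname in ("open", "shellexecute") or (
                lname.startswith("shell\\") and lname.endswith("\\command")):
            found.append((name, value))
    return found


def launches_program(text):
    """True when any launch entry points at an executable file type."""
    return any(target.lower().split()[0].endswith(EXECUTABLE_EXT)
               for _, target in launch_targets(text) if target.strip())


if __name__ == "__main__":
    for entry, target in launch_targets(SAMPLE_AUTORUN):
        print(f"{entry} -> {target}")
    print("launches a program:", launches_program(SAMPLE_AUTORUN))
```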
