Urgent Security Issue! Infected with amvo virus

I Got Affected By amvo.exe, When A Pen Drive Was Opened In The System Without Scan.
AVG Identified The Threat, But Couldn’t Do Anything.
It Is Listed Online As A Major Threat, And I Took Some Steps And Removed amvo.exe, And The Autorun.exe Files It Creates In Each Root, And Flushed The Registry Of Any Key Related To amvo.
It Was Too Late. The Virus Had Already Spread, Creating New Files, And Disguising Itself.
I Removed AVG And Installed BitDefender (I Have A Genuine License). It Too Identified Some Corrupt Matter, And Removed It, But Was Unable To Remove Certain Files.
In Desperation (As It Was The Only Site Offering Any Worthwhile Description), I Ran PrevX CSI. It Identified The Malicious Files, But Requires A License To Remove.
I Cannot Do A Free Scan Online (Like Trendmicro Housecall, As Computer Gets Heated Up, And Shuts Down, But That’s Another Problem).

There Are Now These Files And Directories (And Probably More) Which I Cannot Delete, Remove Or Otherwise Modify (Even Using DOS, Or Bulletproof FTP Client - Which Can See Hidden Files - amvo Had Disabled The Unhide Option):
hgGvUlJb.dll
ljJAPghG.dll
usgpcx.dll
kjugohic.dll
gvrcdvjp.dll
ssqQhggG.dll
pfvdcrvg.ini
GhgPAJjl.ini
GhgPAJjl.ini2

And A Folder Called Autorun.inf Which Denies Access!

Please, How To Get Rid Of All This? They’re Compromising My System.

a google search would have given you the info you need :slight_smile:

the Digital me: amvo.exe Virus Manual Removal Steps

Warning. registry editing is not for noobs

try scanning in safe mode! files might be accessible then!?

I Had Already Done All That.
As I Mentioned.. I HAVE Removed amvo.exe, But It Has Spread Into Some Other Form.
Besides Which, autorun.inf is appearing as a directory rather than a file on my system!
And no, scanning in safe mode hadn’t turned out different results.

get free Kaspersky AV for 30 days, clean your system, then, after Kaspersky license expired, move to COMODO internet security suite - which is free for lifetime & good too.

Will Kaspersky Be Able To Give Better Results Than Bitdefender?

I’ve Already Tested Two AVs…

Try Avira antivirus, it is very good and free. Install it after you cleanup the system completely if possible.

That’s Just The Point! HOW Do I Clean It Completely??

here you go:

Avira AntiVir Rescue System

this will burn a bootable antivirus cd which you can use to clean the system.

Download Hitman Pro 3 beta and let it do the work for you. This excels where NOD32, Kaspersky, AD-Aware, Spybot fails

link : Hitman Pro 3 - SurfRight

Update:
Thanks Zanderzone.
Hitman 3 Removed Some Of The Malicious Files.
Others Still Persist.
No Longer Troubled By The Autorun.inf FOLDER.
Any Way To Remove ALL The Malicious Files, Besides Format And A New AV?

^ look 2 posts above, make a quick live cd and boot from it.

one other method u could do is install another copy of xp, and from that xp remove these files

amvo.exe - Kaspersky Lab Forum
This should solve the problem…

That will be giving up too easily :grinning_face_with_smiling_eyes:

I second that :blush:

The exact same thing happened with me.

I removed the “autorun.inf” file in the command-prompt manually.

Run Task Manager (Ctrl-Alt-Del or right click on Taskbar)

Stop wscript.exe process if available by highlighting the process name and clicking End Process.

Then terminate explorer.exe process.

In Task Manager, click on File → New Task (Run).

Type “cmd” (without quotes) into the Open text box and click OK.

Type the following command one by one followed by hitting Enter key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Check if the value name and value data for the key is correct (the value data of userinit.exe includes the path, which may be different than C drive, which is also valid; note also the comma, which is also needed):

“Userinit”=“C:\WINDOWS\system32\userinit.exe,”

If the value is incorrect, modify it to the valid value data.

Cheers :blush:
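The Userinit check described in the post above, as an added read-only PowerShell example that is not part of the original thread. It assumes the default Windows layout, where `userinit.exe` lives under the `system32` folder of the Windows directory.

```powershell
# Added example: read-only check of the Winlogon Userinit value.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# The expected path follows the Windows directory, which may not be on C:
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'

$raw = (Get-ItemProperty -Path $key -Name Userinit -ErrorAction Stop).Userinit

# Userinit is a comma-separated list. Winlogon starts every entry at logon,
# so anything besides userinit.exe deserves a closer look.
$entries = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' })
$extra   = @($entries | Where-Object { $_ -ne $expected })   # -ne ignores case

Write-Output "Userinit raw value: $raw"

if ($entries -notcontains $expected) {
    Write-Output "PROBLEM: expected entry '$expected' is missing"
}
foreach ($e in $extra) {
    Write-Output "PROBLEM: unexpected entry '$e'"
}
if (-not $raw.TrimEnd().EndsWith(',')) {
    Write-Output "NOTE: value does not end with the trailing comma"
}
if ($entries.Count -eq 1 -and $extra.Count -eq 0) {
    Write-Output "OK: Userinit starts only $expected"
}

# To repair, set the value by hand in regedit as the post describes, e.g.
#   "Userinit"="<Windows directory>\system32\userinit.exe,"
```

The script only reads the registry; run it from an elevated prompt if access to the key is denied.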

Thanks For Your Help Everyone.
I Used A Combo Of Bitdefender + PrevX CSI + Hitman 3 To Remove The Malicious Files, Besides Numerous Changes In The Registry.
'Twas A Professional Virus, I’m Bound To Say.
Autorun.inf Appeared As A DIRECTORY Rather Than A FILE In My System, Which Had Caused A Bit Of Confusion.
Thanks Again.

I didn’t contribute one bit to solving your problem (net was intermittent and I missed this thread) but I’d just like to put in my 2 bits to this thread.

In ANY situation like this, a very good solution is using the Avast boot-at-scan feature and then running sdfix to reset the registry to their default values. I’m on Eset Nod 32 right now (Avast gives more false positives than Eset), but the boot at scan feature of Avast is a really convenient and powerful feature.

Also, virii like amvo spread thru pen drives and the best safeguard against virii like this right now is disabling auto-run on removable drives, opening removable drives thru the address bar or using vista/linux/mac. Changing your AV from any of the well known brands is not going to help much if you don’t follow safe practices. I know cos I clean at least 10 PCs a week with pen drive virii like these, all running competent AVs.

Again, sorry for putting my oft repeated “gyan” here after the problem has been solved and a whole 2 weeks have passed.
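An added example, not part of the original post, that audits the two things this thread keeps returning to: whether AutoRun is disabled for removable drives, and whether `autorun.inf` on each drive root is a file or a directory. The `NoDriveTypeAutoRun` policy value and its `0x04` removable-drive bit are standard Windows settings that the thread itself does not name.

```powershell
# Added example: read-only audit of AutoRun policy and autorun.inf entries.
$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

foreach ($path in $policyPaths) {
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
              -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        Write-Output "$path : NoDriveTypeAutoRun not set (OS default applies)"
        continue
    }
    # The value may be stored as REG_BINARY; the first byte holds the bitmask.
    if ($value -is [byte[]]) { $value = $value[0] }

    # Bit 0x04 = removable drives; 0xFF disables AutoRun for every drive type.
    $removableOff = ($value -band 0x04) -ne 0
    Write-Output ("{0} : NoDriveTypeAutoRun=0x{1:X2}, disabled on removable drives: {2}" `
                  -f $path, $value, $removableOff)
}

# Report autorun.inf on every ready drive root, including hidden/system items.
$drives = [System.IO.DriveInfo]::GetDrives() | Where-Object { $_.IsReady }
foreach ($drive in $drives) {
    $target = Join-Path $drive.RootDirectory.FullName 'autorun.inf'
    $item = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }

    $kind = if ($item.PSIsContainer) { 'directory' } else { 'file' }
    Write-Output ("{0} [{1}] autorun.inf is a {2}; attributes: {3}" `
                  -f $drive.Name, $drive.DriveType, $kind, $item.Attributes)
}
```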

USBVirusScan: Automatic virus scanning, when plug in USB Flash Drive

→ Use the above program for automatic scanning (it calls the antivirus software to scan) on inserting the pen drive :grinning_face_with_smiling_eyes: