Security Software Urgent Security Issue! Infected with amvo virus

Status
Not open for further replies.

starbearer

Contributor
I got affected by amvo.exe when a pen drive was opened in the system without a scan.
AVG identified the threat, but couldn't do anything.
It is listed online as a major threat, and I took some steps and removed amvo.exe and the Autorun.exe files it creates in each root, and flushed the registry of any key related to amvo.
It was too late. The virus had already spread, creating new files and disguising itself.
I removed AVG and installed BitDefender (I have a genuine license). It, too, identified some corrupt matter and removed it, but was unable to remove certain files.
In desperation (as it was the only site offering any worthwhile description), I ran PrevX CSI. It identified the malicious files, but requires a license to remove.
I cannot do a free scan online (like Trendmicro Housecall, as the computer gets heated up and shuts down, but that's another problem).

There are now these files and directories (and probably more) which I cannot delete, remove or otherwise modify (even using DOS, or Bulletproof FTP Client, which can see hidden files; amvo had disabled the unhide option):
hgGvUlJb.dll
ljJAPghG.dll
usgpcx.dll
kjugohic.dll
gvrcdvjp.dll
ssqQhggG.dll
pfvdcrvg.ini
GhgPAJjl.ini
GhgPAJjl.ini2

And a folder called Autorun.inf which denies access!

Please, how to get rid of all this? They're compromising my system.
 
Try Avira antivirus, it is very good and free. Install it after you cleanup the system completely if possible.
 
Update:
Thanks Zanderzone.
Hitman 3 removed some of the malicious files.
Others still persist.
No longer troubled by the Autorun.inf FOLDER.
Any way to remove ALL the malicious files, besides format and a new AV?
 
starbearer said:
I had already done all that.

As I mentioned, I HAVE removed amvo.exe, but it has spread into some other form.

Besides which, autorun.inf is appearing as a directory rather than a file on my system!

And no, scanning in safe mode hadn't turned out different results.

The exact same thing happened with me.

I removed the "autorun.inf" file in the command-prompt manually.

Run Task Manager (Ctrl-Alt-Del or right click on Taskbar)

Stop wscript.exe process if available by highlighting the process name and clicking End Process.

Then terminate explorer.exe process.

In Task Manager, click on File -> New Task (Run).

Type "cmd" (without quotes) into the Open text box and click OK.

Type the following commands one by one, pressing the Enter key after each:

Code:
del c:\autorun.* /f /s /q /a

del d:\autorun.* /f /s /q /a

del e:\autorun.* /f /s /q /a

del f:\autorun.* /f /s /q /a

c, d, e each represent drive letters on the Windows system. If there are more drives or partitions available, repeat the command with the other drive letters. Note that you must also clean the autorun files from any USB flash drive or portable hard disk, as the external drive may also be infected.

Also, open the registry editor and navigate to the following registry key:

Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Check that the value name and value data for the key are correct (the value data for userinit.exe includes the path, which may be on a drive other than C and is still valid; note also that the trailing comma is needed):

"Userinit"="C:\WINDOWS\system32\userinit.exe,"

If the value is incorrect, modify it to the valid value data.

Cheers :hap2:
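
A read-only way to audit the two things the steps above touch (autorun.* entries in each drive root and the Winlogon Userinit value) before deleting or editing anything. This PowerShell is an added example, not part of the original post; it assumes PowerShell is available on the machine and that userinit.exe belongs under %SystemRoot%\system32.

```powershell
# Read-only audit: nothing on disk or in the registry is modified.

# --- 1. Winlogon Userinit value --------------------------------------------
$key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $key -Name Userinit).Userinit

# Assumption: the only legitimate entry is userinit.exe under the system
# directory of whichever drive Windows is installed on.
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'

# The value is a comma-separated list; the trailing comma produces an empty
# entry, which is dropped here.
$entries = @($userinit -split ',' |
             ForEach-Object { $_.Trim() } |
             Where-Object   { $_ })

# Anything other than the expected path is an extra program started at logon.
# String comparison with -ne / -contains is case-insensitive.
$extra = @($entries | Where-Object { $_ -ne $expected })

[pscustomobject]@{
    Check         = 'Winlogon Userinit'
    Value         = $userinit
    HasExpected   = ($entries -contains $expected)
    TrailingComma = $userinit.TrimEnd().EndsWith(',')
    ExtraEntries  = ($extra -join '; ')
    Ok            = ($entries -contains $expected) -and ($extra.Count -eq 0)
} | Format-List

# --- 2. autorun.* entries in every drive root -------------------------------
# -Force includes hidden and system items. The Type column shows whether an
# entry is a file or a directory, since the thread reports autorun.inf
# appearing as a directory. Only drive roots are listed here, whereas the
# del commands above also recurse into subfolders (/s).
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    Get-ChildItem -Path $_.Root -Filter 'autorun.*' -Force -ErrorAction SilentlyContinue |
        Select-Object FullName,
            @{ Name = 'Type'; Expression = { if ($_.PSIsContainer) { 'Directory' } else { 'File' } } },
            Attributes,
            LastWriteTime
} | Format-Table -AutoSize
```

Run it again after cleanup, with any USB drives attached, to confirm that the extra Userinit entries and the autorun items are gone.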
 
Thanks for your help, everyone.
I used a combo of Bitdefender + PrevX CSI + Hitman 3 to remove the malicious files, besides numerous changes in the registry.
'Twas a professional virus, I'm bound to say.
Autorun.inf appeared as a DIRECTORY rather than a FILE in my system, which had caused a bit of confusion.
Thanks again.
 
I didn't contribute one bit to solving your problem (net was intermittent and I missed this thread) but I'd just like to put in my 2 bits to this thread.

In ANY situation like this, a very good solution is using the Avast boot-at-scan feature and then running sdfix to reset the registry to their default values. I'm on Eset Nod 32 right now (Avast gives more false positives than Eset), but the boot at scan feature of Avast is a really convenient and powerful feature.

Also, virii like amvo spread thru pen drives and the best safeguard against virii like this right now is disabling auto-run on removable drives, opening removable drives thru the address bar or using vista/linux/mac. Changing your AV from any of the well known brands is not going to help much if you don't follow safe practices. I know cos I clean at least 10 PCs a week with pen drive virii like these, all running competent AVs.

Again, sorry for putting my oft repeated "gyan" here after the problem has been solved and a whole 2 weeks have passed.
 