File: C:\ (or F:\) (Picture).

 

Image Attachment :

untitled.bmp   698KB (image/bmp)

If your computer is infected with the AMVO.exe and/or ta2.cmd, you will be unable to access your disk drives by double-clicking on the drive icons. Most antivurs programs will be able to detect these viruses but will be unable to successfully remove them.

The following are the steps i did to rid my computer of this problem. I hope this step-bystep instruction list will be of help! :-)

1. dont double-click on any disk drive icon on My Computer. Clicking this will activate the virus.

should you really have to access a drive, click the START button, click run, then type C: or D: or E:, depending on the drive letter you wish to access.

2. download a free version of ESEt NOD32 antivirus. It is sensitive to ta2.cmd and amvo.exe viruses. However you must disable your existing AV program

3. run the antivirus and allow the AV to delete/heal all found threats.

4. After the scan, press CTRL+ALT+DEL

5. In the Procceses tab, end the process of EXPLORER.exe

6. Click file tab

7. Click New Task.

8. Type CMD. The black Command prompt will pop out.

9. On the prompt, type del /a:h /f c:\autorun.*

the virus makes an autorun.inf file which is invisible to any windows search (even if hidden files are shown). doing step #9 will erase this autorun file.

10. If you have multiple drive/partition, repeat this step to all drive/partition (including removable disks), replacing "C:" with the appropriate drive letter.

11. search whether there are remnants of the virus which the AV failed to find. Type the following:

cd c:\windows\system32

12. Type dir /a:h /f amvo*.*

13. If you find a file named amvo.exe, amvo0.exe, or amvo0.dll, type:

del /a:h /f amvo*.exe

and

del /a:h /f amvo*.dll

14. Disable the virus which might have been put in autoplay during startup. Click on the START button. Click run and then type: MSCONFIG

15. go to Startup tab and uncheck amvo.exe

16. Remove traces of the viruses which might be left in the memory registry. Leaving them untouched may lead to the viruses' re-activation. Click on the START button. Click Run and type regedit.

17. Click on the edit tab, then the find button. search for these:

amvo
amvo*
amvo.exe
amvo*.*
ta2.cmd

whenever your search finds any of the mentioned files, delete the button where the file is found (located on the right window). after deleting, click f3 to find similar files in other pockets of the registry. when further copies are found, keep on deleting until the entire registry is rid of the mentioned virus files.

18. to make sure that the computer will not automatically revert back to the previous problematic settings. go to My Computer. right click and go to properties. go to system restore. Check the Turn OFF system restore.

19. Remember that up to this point you should not double click on any drive icon on the My Computer folder, for whatever reason.

20. Reboot your computer.

21. At this point your computer should be free of ta2.cmd and amvo.exe viruses. you may now double-click on any drive on My Computer.

22. return to My Computer properties and un check the Turn Off System restore Button.

 

good luck with your computer!

folder options. go to view. select show hidden files. click apply then ok. then go back to check if the show hidden files is still selected. if it automatically select back to "do not show hidden files" tell me. :-)

 

here's what you can do.

 

1. click start button

2. click run

3. type cmd, then ok

4. type c:\windows\system32, then enter

5. type del /a:h /f amvo*.*

6. click my computer

7. right click then properties, then click system restore

8. check "turn off system restore", then ok

9. click start button

10. clcik run

11. type regedit, then ok

12. click edit, then find.. then type amvo.exe

13. if the computer can find a file, delete the on the right window the highlighted icon which contains the amvo.exe.

14. click F3, if computer finds another amvo.exe delete. keep on clciking f3 then delete until the computer cannot find any amvo.exe anymore.

15. do the same thing for amvo.dll and amvo0.dll

16. restart computer

17. clcik start, regedit, then ok

18. open the folder HKEY_CURRENT_USER....then under  it the folder software, then microsoft, then windows, then current version, then explorer, then advanced.

19. on the right window double click on the icon hidden, then type the value 1.

19. back on the left window, open the folder HKEY_LOCAL_MACHINE\microsoft\windows\current version\explorer\advanced\folder\hidden\showall.

20. on the right window, double click on checked value, then type the value 1.

21. restart computer.

22. go to my computer, then right click, then properties, system restore. then uncheck "turn off system restore".

23. woopeedoo! your computer is now ok! :-)

 

i'm filipino, by the way :-)

 totally?

Trojan horse Generic10.QHJ

Trojan horse Vundo.N

Trojan horse Generic10.SHE

Virus Vundo

 

but they are all in vault and have not problems..but every day there is a new .dll in vault!

Anyone can help me:S?

 

my computer is infected with a trojan hourse generic 10 virus...... im not sure whats causing this problem but i cant access google, yahoo, download, or mayspace.. when i try to entre, the page just lags and it just does not go through!...... can anyone please help me

 

Among other things, her Generic 10 has disabled the taskmanager. I can't even run it directly from the "run" command; it just does nothing at all - no error messages, nothing.

 

In Windows XP, is there another way I can access the running processes to continue with Dr. Jim's instructions? If I knew of one, I've forgotten it.

 

Thanks in advance.

Thanks for the prompt response.

I did find something useful - a post somewhere reminded me of SuperAntiSpyware, so I gave that a shot. It gave me back my taskmanager. Regedit was giving me a "another process is using this" error message and my system tray icons were gone.

Possibly the same source indicated that I could make a copy of regedit.exe and rename it regedit.com, then run that from the "run" command (a handy back door) that let me in there. With SuperAntiSpyware, I've got the system tray icons back as well.

In the regsitry, I could find no trace of amvo or tc2 anything, so I think I have a different variation from the one you're describing. SuperAntiSpyware found a Vundo variant, NewJuan downloader, a fake SVCHost file, some MalwareAlarm (which I assume is a generic result, if you'll pardon the pun) in HKCR\MalwareAlarm.WebInstall, and indicated that B4FM.dll was suspicious but didn't automatically mark that one for quarantine. I quranatined it anyway. Unfortunately, since I can't get on here yet on her computer, I can't paste the logfile yet. When I can, I will.

My automatic updates won't turn on, no matter what I do, and I still can't get to any pages with search engines in IE, so I've got some improvement, but I'm not fully functional yet.