How to remove Win32/NSAnti, d.com virus without any anti-virus tool

I hope that I can erase that virus… thanks for the info…

Dear Sir,
I have been followed your step, but still i could not able to delete amvo0.dll (it says unable to find the file in that specific folder) and i could not able to find the amvo1.dll

Pls give suggestion for this problem.

Regards
Gupta

well it doesn’t work so easily as is displayed.

You should look inside autoexec.inf to check the name of the other file is loaded in order to remove it as well as in the registry entries

And also check all the usb drives, as the virus uses them to spread itself. Dont open the usb drive, just explore it, to avoid autorun.inf to execute it again (maybe pressing shif while you insert the usb may help)

Hi
Im getting access denied for amvo0.dll file man
then what to do..?
Please help me man outoff this..

hey i did the second tip but HIJACK THIS couldnt find HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe…in my computer..can u plz help…..

found the solution, a combination of first and second works.

First, these files are not visible in windows explorer. Open command prompt, jump to the drive and run command dir /ah to view the hidden files. eg:

cd d:
dir /ah

you may see files like:
autorun.inf
d.com
and some other files

now do the following:

1. run Hijackthis tool and fix the amvo.exe file as suggested in second method (step 1-4).

2. In Start -> Run, enter “msconfig.sys”, and unchek the amvo.exe file from the startup list. It might be present there and restart pc.

2. after restart, DO NOT open/double click on any drive. Run the hijackthis tool again to ensure the amvo.exe file is not in the list. Now, execute the foll commands in command propmt:

cd c:\windows\system32
attrib -r -h -s amvo.exe
del amvo.exe
attrib -r -h -s avmo0.dll
del amvo0.dll
attrib -r -h -s avmo1.dll
del amvo1.dll

now, jump to each drive and run these commands:

attrib -r -h -s autorun.inf
del autorun.inf
attrib -r -h -s d.com
del d.com

for each extra hidden file, run the above commands with filename replaced.

When all the files are deleted, restart the machine, and again check with hijackthis tool.

Good luck.

Hi,
I have removes all the autorun.inf files from my system, I did not find any amvo.exe or such dlls. it says file not found. I have solved problem of drive opening but still I am not able see hidden file. when i try to folder options >> check the option show hidden files and folders. Also un-check the option Hide protected operating system files (This will give a warning message, confirm by pressing yes button). After this click Ok, still I got the problem to see hidden files….
Pls give suggestion for this problem.

Regards,
KK

@KK

Did you try the DOS way??
Open command prompt, jump to the drive and run command dir /ah to view the hidden files. eg:

cd d:
dir /ah

let me know if you still can’t see the files.

Hey guys,

I removed all the files indicated above. But I am still unable to enable “show hidden files”. And also, there is someting wrong with the system, I can’t install a program, there is always an error message.

Does anyone how to find the folder options congiguraiton file (*.ini or something). Maybe that could help me to enable the hidden files.

Thanks.

thanks so much nekhrun, ya it really works……..hey guys,try as nekhrun has said…

Man, Nekhrun’s method is right for only the autorun problem. But nothing happend with the HIDDEN FILE prblem. In the dos mode the hidden files are available, but in explorer the same problem. What to do with that. But obeously a big thanks to Nekhrun to atlest 1 solution. Cheers

@Neero

yes you are right. i have deleted all the virus files, but i am still having the hidden file/folder problem and still looking for the solution. let me know if you find any solution.

1. Go to your Start menu, click on Run and open up your Registry Editor by typing: regedit
2. Once there go to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folde r\Hidden\SHOWALL
3. Double click the value called CheckedValue, and modify its data value (DWORD Value) to 1 (0×00000001)

Let me know if it works

Almost forgot….step 4

4. Go back to folder options (Tools>>>FOlder options>>>Click View Tab>>>Click Show Hidden files and folders>>>and OK)

And you win then have your HIdden files back!

@Chris

Yes it works

thanx a lot dude.

Hey,Its gr8 man.It is working.Thanks a lot.

O’ my good gracious lord o’ mighty, I can’t believe that the VB-script actually worked :’) I was so pissed off at all these solutions posted online, none of which actually did their purpose. A gazillion thanks for posting such a lifesaver man

There is another way if it’s too difficult for you, use this patch, download the file, extract and start, just click “patcher” and that’s all.

http://www.net-studio.org/application/autorun-av.php

thanku for u r help and solution

Thanks for that
i did as you said
but files avmo0.dll and avmo1.dll not found
also file d.com not found
now i persist problem with opening the partitions
when i double click the partition it says choose the program you want to use to open this file.
How do i fix this?

The file autorun.inf is still in your partition,

Download the patch http://www.net-studio.org/application/autorun-av.php
Put it in your desktop
Restart your pc in safe mode
Unrar the patch and open it
Click Patcher

—————
Another way :
Restart in safe mode
Go to start button
Select Run and enter cmd then OK
You are now in command prompt

tape and validate for each line

c:
cd\
attrib -s -h -r autorun.inf
del autorun.inf

do it for each partition you have
ex for d:

d:
cd\
attrib -s -h -r autorun.inf
del autorun.inf

etc…

Restart you pc

GREAT, GREAT, GREAT
Guys, you are life savers
THANKS, THANKS, THANKS
so many thanks for your invaluable comments
I solved this boring problem, just with your help.
I am GRATEFUL! :))

Hi Guyz, Ive been dosed with another problem. My cmd.exe, regedit.exe, computer management and other important “.exe” extentions/programs dont work. When I try to execute them i get the ffw message “This operation has been cancelled due to restriction in effect on this computer.Please contact your system administrator.” Does anyone have a solution for me PLEASE!!!!!!!!!!!!!!!!!

Thank u for u r tips to remove virus from my pc. Keep a good work .
I am very very greatful.
Thank u so muchhhh .

Thanks rohit and neckrhun for the solutions it seems that i finally erased it from my usb devices and hard drives…. luckily i have a system restore point just before i got the virus! thanks guyz

Thanks, i have solved my hidden file problem and now i am able to hide and retrive the files.

Dear sir,
I have solved the problem however once again i have to face the same problem. Through CMD command it shows that no such file is exit. When installing kill_amvo_virus_usb_en.vbs At the first time it is sucess and from the second time i have to face the same problem.
Please reply me.

hi All

i was facing the same issue.

the dos way was not working

i tried the script , it really worked for me .

thanks

Hallo, Experts.
my pc was infected by AMVO.EXE and was harrasing a lot, on Google i search solutions, i got also and i gone through it’s instruction also to remove this worm, but it was not effecting, the file was generating again and again,
but when i found trouble fixers,and specially the VB Script given in website of Trouble Fixers, as soon as i run it the Worm Amvo.exe become disappear,
you people are really Experts and should all must be given award. Please do continue help the pople like us who are not much aware with deep of computers, just we are operating.
and one more thing, you experts are required to use very very lucid language, so layman like us can understand, i:e: here in your website you’v mention TYPE ATTRIB -R -H -S, this line is not highlited when others all line which we have to type is highlited, so we may confuse that what is ATTRIB and who to write this -R-H-S..? etc. so my huble request to make it very easy, lucid and understable.
thank u very much.

kavi
(india)

@Kavi

Thnaks for your appreciation and suggestions. I have corrected the same.

Thank you so much for providing the solution to this unique virus. i had lost the hope of recovering my OS n thought only option which is left is to reinstall but u saved my time n effort.

Actually, first of all i tried ur VB script methood (bcoz that seemed to be the most simple one), but still it was d same, then i tried the 1st method, still d same, in the end i tried the 2nd method still it was d same. finally i restarted then applied this step 5 of 2nd option again [Open my computer and go to folder options >> check the option show hidden files and folders. Also un-check the option Hide protected operating system files (This will give a warning message, confirm by pressing yes button). After this click Ok.]
and then deleted the files amvo.dll and amvo1.dll from
D:windows/system32 folder.last

Atlast i got my healthy OS again.

i am so grateful to u, my gratitute is endless. . .

thanks a lot!! I’m very happy to have found this website to fix this virus. The first 2 methods didn’t work for me but the script did the job!! I was about to do a format and clean install of my OS when I found this website to get rid of the virus. Thanks!

I spent the whole day tying to fix this virus and eventually did it manually thanks to the clues i got from this site as well as some others. Its not that the manual method doesn’t work but that the names of the files created by the virus may differ. For example, the .exe file on mine was kavo.exe, not amvo.exe and the .com file was h2.com, not d.com or ntdelect.com. Of course, if you’re not too “good” at computers, removing it manually may prove difficult or impossible so its a great thing the scripts and patches exist. This was the worst virus that infected my system yet and several antivirus programs don’t even detect it.
You guys are doing a great job!

hi
this is sunil from Hyderabad,india

With VB script(Third option from above) i was able to solve my problem successfully and my OS was again running smooth and reiable.

thanks so much for the solution

bye
sunil
india

thnkq but i cant find amvo.dll in sys32

hi guys,
nekhruns stuff really worked. now im able to see all the hidden files. try nekhruns stuff.

@Tope:
it is pretty easy to delete the kavo but how do you stop the h2.com file from running?

I ran the script and AVG after which says it’s clean. But the virus come back on the next boot.

Any ideas?

The VBSCRIPT from geekside worked! Thank you very much, guys!

Awesome, I’ve try and it worked on my computer. I dun hav the virus anymore and are able to open the folder without any harrasing message. Try the vbscript, it’s easy and fast to remove the virus. Thanks alot!!!

Hi,
I removed amvo using the dos method. Thanks for your solution.

Thanks, It fixed bothe PCs
Well done, I refered this page to many people who are infected …
Love and hugs
Danielle
((^_^))

hi..can anyone tell me how to remove virus Mad.5131
thanks in advance.

oh my gosh! thanks so much! i’ve been trying to get rid of this thing for almost an entire day now. i haven’t slept. thanks so much!

If you are feel that you remove all virus then beware.
because amvo.exe is a similar avpo.exe and oufddh.exe two more files.You should also check avpo0.dll,avpo1.dll in
c:\windows\system32\.
try above method to remove this files
sonal.jain13@yahoo.com

hi friends..i have tried all the methods starting from the first one,i am not able to solve it..
when i run command prompt it says that it cannot locate amvo.exe file….
when i use the last method it says that u r system is disinfected from the virus…….
but when i try to check the settings it is not working……please help me

and also friends i cannot find HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe after i run the prescribed removal method……

i have a problem with taskmanager. it didn’t display last one week. what can i do for that.

@ Ponds

Please see the link below for solution to your problem
http://www.troublefixers.com/task-manager-disabled-problem-in-windows-xp/

thank you man
u are a genious

before the radio button used to go automatically to do not show my hidden files and folders and i couldnt use the show hiddn files and folders and now after running the script and doing few things on the registry editor the radio button automatically go to show hidden files and folders and i cant use the do not show hidden files and folders

very nice .prob solve.thanks

Woww woww wowww….its just amazing. Thanks a lot to whoever found this last solution. The 3rd and last solution is very easy to apply and it works 100%. Thanks Again friends

great script mine…. It works flawlessly…. you really saved me from formatting my system.. ya its obvious that even formating wont help in this case…
Cool work… Thanks again

i have some problem with new hidden virus which hide my unhidden file n folders.this virus only hide that files n folder which they attacked besides this i can see my hidden files n folders which are not infected.

I downloaded the microhijack software and fixed HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe. i did all the steps mentioned.
now when I go to msconfi>> startup, there is no amvo.exe.
what do i do?

thank a lot ,, ur really an expert..
the steps are really simple and easy for us…

O/ all. Just an extra note. I had the same symptoms but my files were named CKVO.exe, CKVO1.dll, MP.cmd, 0gjn3yw.exe and kqyg5uy.dll in the temp folders of all the users.

Could find any leads on any of the AV sites.

Your method worked brilliantly! just check your Documents and Settings\?User?\local settings\temp folder for hidden files using the dir /ah option. There might be some other fishy files in there!

THANKS!
O/

just go for d script provided it works…..it just rockkkkkkssssss!!!!!!

hey all i found new virus..even if i did complete format i.e right from partitions onwards.. that virus automatically attacks my system.That virus slows downs the system and even it stops the interenet connection.I cant able to browse net also. so pls frns tell me any remedy for that.. i have tried so manay antiviruses… with current updates… but again and again that virus is coming.. the viruses are..

MSRSD.pif
autorun.inf

even i did attrib -s -h -r .. but it generating again and again. no antivirus removing this…… so pls tell me the solution… waiting for ur response….

thnks for d solution i eliminate all my viruses… it is very useful tools… thnks for the great share/….

thanx 4 all ur advices
it worked initially but some days later agin the same thing happened
and now every time i start the pc , the same problem of opening the drives exists

I have 2 Gb pen drive transcend . When i insert a pen drive in my HLC laptop. it shows write protect & use another Disk.
And also same Pen drive insert an other desktop computer it is Ok, No problem??

What is the problem?
Plea. Solve the problem?

from
Sanju