Noteable Posts

Sunday, April 13, 2008

How to remove Win32/NSAnti, d.com virus (Autorun virus, AVMO virus, Hidden Files problem)

Recently a virus called d.com has been spreading widely via pen drives. Here I'll discuss how to remove the infection without using any antivirus software.

If your system is infected by this virus, you can't see hidden files and folders, even after selecting "Show hidden files and folders" in "Folder Options". The virus reverts this setting back to "Don't show hidden files and folders".

This happens because the virus protects two hidden system files called d.com and autorun.inf, which are created by amvo.exe, amvo0.dll and amvo1.dll. These reside in the system32 folder on the OS drive (the hard disk partition on which the Windows operating system is installed).

Solution: To get rid of the virus you need to delete all the files that the virus creates and resides in. Here's how to do it.

  1. Open Start >> Run, type cmd and press Enter. This opens the Windows command prompt window. In this window, type each command as directed in the following steps and press Enter at the end of each step.
  2. type cd\
  3. type cd windows\system32
  4. type attrib -r -h -s amvo.exe
  5. type del amvo.exe
  6. type attrib -r -h -s amvo0.dll, then repeat steps 5 and 6 to delete amvo1.dll
  7. now type d: and press Enter to switch to the d: drive partition.
  8. type attrib -r -h -s autorun.inf
  9. type del autorun.inf
  10. type attrib -r -h -s d.com
  11. type del d.com

Similarly, repeat steps 8 to 11 for all your hard disk partitions to remove the files created by the virus.

The above is the manual method, but those who don't have a command-prompt level of understanding can use the method below:

  1. First download Trend Micro HijackThis from here
  2. Install it and run the scan; you will see an entry like this: HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
  3. Check the above entry, click the button labelled Fix Checked, and click Yes on the prompt.
  4. Also uncheck amvo.exe under msconfig >> Startup (type msconfig in Run and click the Startup tab), then restart your system.
  5. Open My Computer and go to Folder Options >> check the option Show hidden files and folders. Also uncheck the option Hide protected operating system files (this gives a warning message; confirm by pressing the Yes button). Then click OK.
  6. Now access each of your system drives by typing its drive letter in the address bar (for example c:) and delete the files autorun.inf and d.com.
  7. Also delete the files amvo0.dll and amvo1.dll from the windows\system32 folder.
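
To confirm after either method that nothing is left behind, the following read-only PowerShell check looks for the files and the Run entry named above. It is an added example, not part of the original post; the full registry path is the standard expansion of the HKCU\..\Run abbreviation that HijackThis prints, and the function name Find-NamedFile is made up for this example.

```powershell
# Added example: read-only check for the leftovers named in this post.
# It only reports; nothing is deleted or changed.
$sys32Names = 'amvo.exe', 'amvo0.dll', 'amvo1.dll'   # System32 files named in the post
$rootNames  = 'autorun.inf', 'd.com'                 # drive-root files named in the post
$runKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Find-NamedFile {
    param([string]$Directory, [string[]]$Names)
    foreach ($name in $Names) {
        $path = [System.IO.Path]::Combine($Directory, $name)
        # -Force is needed because the files carry the Hidden and System attributes.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Path       = $item.FullName
                Attributes = $item.Attributes
                Modified   = $item.LastWriteTime
            }
        }
    }
}

# Files: System32 first, then the root of every file-system drive (hard disks and pen drives).
$files = @(
    Find-NamedFile -Directory (Join-Path $env:SystemRoot 'System32') -Names $sys32Names
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        Find-NamedFile -Directory $drive.Root -Names $rootNames
    }
)

# Startup entry: the value HijackThis shows as [amva], or any Run value launching amvo.exe.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$runHits = @(
    if ($run) {
        $run.PSObject.Properties |
            Where-Object { $_.Name -eq 'amva' -or "$($_.Value)" -like '*amvo.exe*' } |
            ForEach-Object { [pscustomobject]@{ Name = $_.Name; Command = $_.Value } }
    }
)

if ($files.Count -eq 0 -and $runHits.Count -eq 0) {
    'None of the files or the Run entry named in the post were found.'
} else {
    $files   | Format-Table -AutoSize
    $runHits | Format-Table -AutoSize
}
```

An autorun.inf at a drive root is not suspicious on its own, since installation media ship one, so review each reported path before deleting it.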
