Saturday, July 9, 2011

Virus Hidden Files

Use the Sophos rootkit removal tool and the Kaspersky rootkit removal tool.
Disable System Restore.

Kill all processes such as AMVO.exe or AVPO.exe.
Type "msconfig" (without quotes) in Run and press Enter.
Go to the Startup tab and uncheck any entry related to amvo.
Type "cmd" (without quotes) in Run.
Type "d:" and press Enter.
Type autorun.inf and press Enter.
A file will open in Notepad. It contains the name of the .exe/.bat/.com file that is launched at boot time.
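Instead of opening the infected autorun.inf in Notepad and reading it by eye, the launcher names it points at can be pulled out programmatically. The script below is an added example, not part of the original post; the autorun.inf it parses is a constructed sample in the style of the AMVO family, and the file names in it are illustrative only.

```python
"""Extract the launcher(s) an autorun.inf points at.

Added example (not from the original post): parses the [autorun]
section the way the post inspects it by hand, so an analyst can list
every program the file would launch without opening it in Explorer.
"""
import re

# Constructed sample in the style of the AMVO-family droppers the post
# describes; the worm names and paths here are illustrative only.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
open=amvo.exe
shell\open\Command=amvo.exe
shell\explore\Command="u.bat" /c
shellexecute=.\RECYCLER\amva.exe e
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
"""

# Directives whose value names a program to run (matched case-insensitively).
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def launch_targets(inf_text: str) -> list[str]:
    """Return the distinct program names referenced by launch directives.

    Only the [autorun] section is considered. Surrounding quotes, leading
    directories and trailing arguments are stripped so the result is the
    bare file name to look for on disk and in the registry.
    """
    targets: list[str] = []
    in_autorun = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not LAUNCH_KEYS.match(key):
            continue
        # First token of the value: a quoted path or up to the first space.
        m = re.match(r'"([^"]+)"|(\S+)', value)
        if not m:
            continue
        program = (m.group(1) or m.group(2)).rsplit("\\", 1)[-1]
        if program.lower() not in (t.lower() for t in targets):
            targets.append(program)
    return targets


if __name__ == "__main__":
    for name in launch_targets(SAMPLE_AUTORUN_INF):
        print(name)
```

Each name returned is one to search for in the registry in the steps that follow, and to delete from the drive once hidden files are visible.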

Type "regedit" (without quotes) in Run and press Enter.
Press Ctrl+F and search for amvo; repeat the search until no more results are found, deleting every related entry.
Press Ctrl+F and search for u.bat; repeat the search in the same way and delete all related entries.
Press Ctrl+F and search for amva; repeat the search in the same way and delete all related entries. Generally it will be HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amva
Search the registry for the file name found in autorun.inf and delete all entries.

Now restart the computer and do the following:

Go to regedit and then to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
Double-click the entry called CheckedValue and change the 0 to 1.

Now close all windows and press Ctrl+E to open Explorer.
Enable the "show hidden files" option in Folder Options.

Delete all the malicious files as mentioned above.

Run Spybot and your malware clean-up tools as normal.

Your computer is now trojan free.
