My drives inundated with d.com and autorun.inf. Is this a virus? I don’t know. I have tried with avast, macfee, avg, but none of them detect it as a virus. The main problem I detect it put d.com and autorun.inf in every drive. I tried with filemon to sort out who is the writer? I found explorer itself is the writer. So I guess it is a shell extension. I open a shell extension viewer and disable all extensions as I can’t recognize which one is responsible for all this. Then kill explorer process with procmon and start explorer again. So no shell extension is loaded this time. Now don’t open your explorer. Using other file browser which doesn’t use explorer engine I delete all the d.com, autorun.inf, amvo.exe and amvo0.dll. Last two will be found at WIN_DIR/shell32 folder. Now my PC is clean. That fucking shit is no more active. Now I am trying to sort out which shell extension is responsible for this. As soon as I sort out this hopefully you need not disable all shell extensions. Until you have to disable all of them. I will be grateful if anyone knows the shell extension name. I upload downloadable version of the programs I used.
Thanks a lot!
ReplyDeleteSeems that the only wirking thing in Google SERP is your article.
By the way - I was OUT OF RAGE when Symantec Antivirus Pro was unable 2 find and eliminate this sh*t.
Thanks a lot!!!
oh shit i also had this virus. i'm from singapore. i've used a virus scanner called avira, and it successfully removed d.com and the autorun. however, i am still unable to view hidden files and folders. I am also not able to open C:\ folder by doubleclicking it from my computer. Do u know what might be the problem?
ReplyDeleteOooooooops! One more thing to do, run msconfig from your run box. Uncheck amvo from your startup item. And delete that file from specified location. Don't forget to enable trusted shell extensions, otherwise your explorer may behave unexpectedly.
ReplyDeletesteps to clear it :
ReplyDelete1. kill explorer.exe
2. dont run it explorer in between
3. run cmd and
use these commands to delete the following files from each drive
del / P /F /A :SH d.com
del /P /F /A : SH autorun.inf
from windows/system32 folder
use these
del /P /F /A : SH amvo.exe
del /P /F /A : SH amvoO.exe
and this wud no more disturb you ..
for any queries/help contact me at atul.iiitm@gmail.com
Thanks!!!
ReplyDeleteand u miss one thing that is remove from startup, otherwise windows will show some error message at startup.
Thanks once again for participate!!!
I upload a small batch file for all these jobs named "ddotcomremover.bat". Try it out. I am not good enough in batch programming. :(
ReplyDeleteTopu bhai is that culprit who insist me for such worthless stuff.
I also studied it.
ReplyDeleteThe file it creates is amvo0.dll amvo1.dll.
all are hidden files.
first unhide at command prompt by
attrib -S -R -H C:\autorun.inf
attrib -S -R -H C:\windows\system32\avmo*.*
then delete them
use Avira Antivir. or clam AV. it will detect and clean.
But how to make the folder options-> view-> show all files and folder option TO WORK !!????
whenever i do it , it again hides the files.
This comment has been removed by the author.
ReplyDeleteGo to registry editor by running regedit in the run box.
ReplyDeleteGo to this key:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced
In the right hand area, double click hidden and change the value to 1.
Now you’re all set to go. Check it in your tools menu if the changes have taken effect. Mine have already been fixed :-)
I am able to change my Show hidden file option through changing registry key, located at, HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Explorer -> Advanced -> Folder -> Hidden -> SHOWALL. Change the value of CheckedValue to 1, and thats it. Thank u back to life for youe suggestion i don't check that out. I guess both of them are should work.
ReplyDeletethank u so much i have no more word to thank u ..really m happy .i was suffering last 20 days now i find yr blog and sloved my problem...thanks for such a nice help all of us..keep it.....
ReplyDeleteYou can permanently disable the autorun feature so that these sorts of viruses can’t inundate through removable media. Here is how to Disable autorun
ReplyDeleteHKEY_CURRENT_USER\Software\Microsoft\
ReplyDeleteWindows\CurrentVersion\Explorer\Advanced doesnt works for me.... the value itself changes to 0 or 2 and if it 1 even then hidden files doesnt shows up.. any suggestions regarding this???
Ooops!!! there is an alternative suggestion already, anyway for your convenience I write it once again, change the value to 1 "HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft /Windows/CurrentVersion/Explorer/Advanced /Folder/Hidden/SHOWALL"
ReplyDeleteHey bhoboghure jhor this is cool.
ReplyDeleteThanks!
Thanks for help.
ReplyDeleteZeljko, Bosnia