336 Posts

October 23rd, 2008 15:00

Amvo.exe is almost certainly malware. You are probably best posting a HijackThis log.

 

Because of planned forum maintenance, regular Dell HJT experts are advising to register here to post HijackThis logs. (Use your same username as here at Dell.) Follow these instructions.

 

Alternative forums to post HJT logs can be found here

 

Good luck! :smileyhappy:

Message Edited by melboy on 10-23-2008 11:33 AM

67 Posts

October 23rd, 2008 16:00

Hi Melboy, I don't have an updated version of Panda, AVG antivirus, as I don't have internet at home. Is there any other way to safely remove this file, amvo.exe? Thanks in advance.

3 Apprentice

 • 

20.5K Posts

October 23rd, 2008 17:00

Hi, mash123,

 

Can you use Safe Mode with Networking to get online? Or is it that you have no internet service provider subscription at home? (It seems odd that you would have the infection without having had internet access.)

 

If you have no internet, perhaps you could use a computer with internet access to download DrWeb-CureIt to a USB stick or burn it to a CD. Then you could transfer > save it to your desktop on the infected computer.

  DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:

  • Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", click "OK" to start. This is a short scan that will scan the files currently running in memory. When something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • If not given a choice select "custom scan".
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
  • ( This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop in case you need to refer to it later.
  • Exit Dr.Web CureIt when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

If that does not help, see if you can download HijackThis to the USB stick or burn it to the CD. Transfer > Run it on the computer without internet access. Save the log. Transfer the log to your good computer so you can post it on the forum suggested above. Until you can get online, you will have to do it that way.

336 Posts

October 23rd, 2008 18:00

Hi Bugbatter :smileyhappy: 

 

One instance of amvo.exe refers to a worm that spreads via removable storage drives.

(Under: More information)

 

Could this be how mash123 became infected if they don't have internet access?

Message Edited by melboy on 10-23-2008 02:41 PM

3 Apprentice

 • 

20.5K Posts

October 23rd, 2008 19:00

Probably. I did not research it.

67 Posts

October 23rd, 2008 20:00

As I don't have internet access at home, I have downloaded some files from the internet at a cybercafe and stored the files on my computer. This amvo.exe came along with the files I have downloaded. How dreadfully can this file affect my system? What exact action did this file perform, like utilising my RAM or corrupting Windows files? Thanks for any guidance.

Message Edited by mash123 on 10-23-2008 05:10 PM

336 Posts

October 23rd, 2008 21:00

I'm presuming you pressed the solved button by mistake. :smileywink:

 

From what I can gather from researching this, it displays worm-like behaviour, and is spread by removable storage devices (flash sticks etc.).

It can alter the registry so that hidden files cannot be shown, therefore other malicious files may be hidden. It can also prevent booting to safe mode in some cases.

As you are unable to download the tools needed to try to fix this, due to you not having an internet connection, then the next logical step would be to use another PC to download the tools to flash drives etc. (as Bugbatter has previously mentioned). As this is the method by which this spreads, you might risk infecting other PCs, flash drives etc. in downloading the tools needed.

As Bugbatter is the resident expert in these matters, I think it's best for me to defer to her judgment on this.
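
As a defender-side illustration of the flash-drive risk discussed above (an added example, not part of the original posts or of any tool named in the thread): a Python check of a removable drive's root before it is used to carry tools between PCs. It assumes the worm relies on the Windows AutoRun file `autorun.inf`, which the thread does not state; the drive contents in `demo()` are constructed.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows run a program (AutoRun mechanism).
LAUNCH_KEYS = {"open", "shellexecute"}
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs")

def parse_autorun(text):
    """Return lower-cased (key, value) pairs found in the [autorun] section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries

def launch_targets(entries):
    """Pick the values of open=, shellexecute= and shell\\<verb>\\command= entries."""
    return [v for k, v in entries
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]

def audit_drive_root(root):
    """List autorun launch commands and executables sitting in the drive root."""
    findings = []
    names = {n.lower(): n for n in os.listdir(root)}
    inf = os.path.join(root, names.get("autorun.inf", "autorun.inf"))
    if os.path.isfile(inf):  # a folder named autorun.inf is not parsed
        with open(inf, encoding="latin-1") as fh:
            findings += [("autorun-launch", t) for t in launch_targets(parse_autorun(fh.read()))]
    findings += [("root-executable", n) for low, n in names.items()
                 if low.endswith(EXEC_EXT) and os.path.isfile(os.path.join(root, n))]
    return sorted(findings)

def demo():
    """Run the audit on a constructed stand-in for a flash drive root."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("[AutoRun]\nopen=sample.com\nshell\\open\\Command=sample.com\nicon=x.ico\n")
        for name in ("sample.com", "notes.txt"):
            open(os.path.join(root, name), "w").close()
        return audit_drive_root(root)

if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

`os.listdir` does not depend on Explorer's "show hidden files" setting, so entries hidden from Explorer are still listed.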

3 Apprentice

 • 

20.5K Posts

October 24th, 2008 00:00

Okay, I've had a chance to do some research on this flashdrive infection. We have a couple of tools that can fix this, but your not having internet is going to really complicate the process. We cannot handle the cleanup on this forum. It will take several days and require some special tools.
You will need to post on a HijackThis forum, so a helper can analyze some logs. As mentioned by me and melboy, you will need to transfer tools and logs between computers. Because Dell will be performing maintenance on the boards during the next few days, I suggest that you register with your same username and repost your log here: http://spywarehammer.com/
SpywareHammer has trained helpers and Microsoft MVPs on staff who will be glad to assist you.

If you prefer a different forum, other forums that handle HijackThis logs are listed on Trend Micro's page here:
http://hjt-data.trend-braintree.com/hjt/analyzethis/index.php?report=7784239

67 Posts

October 24th, 2008 12:00

Thanks a lot for the information. You guys are really doing a great job.

@Bugbatter wrote:
Okay, I've had a chance to do some research on this flashdrive infection. We have a couple of tools that can fix this, but your not having internet is going to really complicate the process. We cannot handle the cleanup on this forum. It will take several days and require some special tools.
You will need to post on a HijackThis forum, so a helper can analyze some logs. As mentioned by me and melboy, you will need to transfer tools and logs between computers. Because Dell will be performing maintenance on the boards during the next few days, I suggest that you register with your same username and repost your log here: http://spywarehammer.com/
SpywareHammer has trained helpers and Microsoft MVPs on staff who will be glad to assist you.

If you prefer a different forum, other forums that handle HijackThis logs are listed on Trend Micro's page here:
http://hjt-data.trend-braintree.com/hjt/analyzethis/index.php?report=7784239


3 Apprentice

 • 

20.5K Posts

October 24th, 2008 17:00

You're welcome. We have some special fixes for this type of infection, so it's best that it is handled on a HijackThis forum.