Wednesday, August 27, 2008

Computers and Internet

I have spent more time on the internet and computers than on my academic books. I am pretty proficient with computers, Windows, MS Office, Photoshop, web design, etc. I can help you out if you are stuck with some problem with your PC or internet. Just post your query here and let me help.

2 comments:

Unknown said...

“Can’t view hidden files and folders?”


Symptoms
1. You can't see hidden files and folders, even if you try modifying the registry.
2. Whenever you double-click on a drive icon in My Computer, it takes some time to open and always opens in a new window.
3. Your PC becomes a little slower.
4. My APC UPS was not able to shut down / hibernate my system when the power was down.
5. My “Yahoo Messenger” would hang after I entered my username.
6. I was able to initiate shutdown from Command Prompt, but was not able to abort it with the command “shutdown -a” from DOS.
7. The Process is packed and/or encrypted using a software packing process
8. This Process Creates Other Processes On Disk
9. This Process Deletes Other Processes From Disk
10. Loads and Executes a System Driver File
11. Writes to another Process's Virtual Memory (Process Hijacking)
12. Registers a Dynamic Link Library File
13. The Process is polymorphic and can change its structure
14. Violates Prevx File Security Settings
15. Executes a Process
16. Adds a Registry Key (RUN) to auto start Programs on system start up
17. The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
18. Modifies Windows Initialization And System Settings Used On Start up

Causes
1. This problem can be caused by a backdoor/Trojan, amvo.exe.
2. amvo.exe is bundled with several other worms/files; some of them are:
a) 80avp08.com
b) dosocom.com
c) usdeiect.com
d) xfoolavp.com
e) autorun.inf
f) Nideiect.com
g) u.bat etc. (a list of files is available here)
h) Xn1i9x.com
3. These files are stored in the directories, i.e. C:\, D:\ etc., and also at C:\windows\system32\amvo.exe
4. You wouldn't be able to delete any of these files, not even in Safe Mode, because it adds an autorun registry entry which loads amvo on boot.

Solution:
1. Know what virus/worm has infected you and where the file is located on your hard drive:
a) Scan your computer with Kaspersky Online Scanner to know what virus/worm you are infected with and where they are located on your hard drive. Write them on paper along with their paths.
b) This scan may take quite some time (my 160GB hard drive took 2hrs). After the scan it’ll show you the culprit files and will ask you to buy the AV software to cure those viruses. Just note down the virus/worm names and their locations and disconnect the internet.
2. Kill all the processes like AMVO.exe or AVPO.exe.
3. Type "msconfig" without quotes in Run and press Enter.
a. Go to the Startup tab and uncheck any entry for amvo.
4. Type "cmd" without quotes in Run.
a. Type "d:" and then press Enter.
b. Type autorun.inf and then press Enter.
c. A file will open in Notepad. This will have the name of the .exe/.bat/.com file in it, which is mounted at boot time.
5. Type "regedit" without quotes in Run and press Enter.
1. Press Ctrl+F and type amvo, do the search again and again and delete all the related entries.
2. Press Ctrl+F and type u.bat, do the search again and again and delete all the related entries.
3. Press Ctrl+F and type amva, do the search again and again and delete all the related entries. Generally it should be HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amva
4. Search the registry for the file name which was entered in autorun.inf and delete all entries.

Now restart the computer and do the following:
1. Go to regedit and then HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
2. Double-click on the entry called CheckedValue and replace the 0 with 1.
3. Now close all the windows and press Ctrl+E to open Explorer.
4. Enable the hidden option from the folder options.
5. Delete all the malicious files as detected by Kaspersky Online Scanner.
6. Your computer is now trojan free.
7. Find all the amvo-related files and delete them (some of them are amvo0.dll, amvo1.dll etc.).
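
Step 4 of the comment above opens autorun.inf by hand to find the file it launches. The same check as an added Python example (not part of the original comment): it tolerates junk padding lines and lists every file the [autorun] section would start. The sample autorun.inf is constructed for illustration, reusing file names from the list above, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Keys in the [autorun] section that make Explorer launch a file.
LAUNCH_KEY = re.compile(r"(open|shellexecute|shell\\[^\\]+\\command)", re.I)
RUNNABLE = {".exe", ".com", ".bat", ".cmd", ".vbs", ".pif", ".scr"}

def launch_entries(text):
    """Return [(key, command)] for each launch entry inside [autorun]."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment padding
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and LAUNCH_KEY.fullmatch(key.strip()):
            entries.append((key.strip().lower(), value.strip()))
    return entries

def files_to_review(text):
    """Unique runnable file names referenced by the launch entries."""
    names = []
    for _, command in launch_entries(text):
        # A command may be quoted or carry arguments; inspect every token.
        for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', command):
            name = (quoted or bare).lower()
            if PureWindowsPath(name).suffix in RUNNABLE and name not in names:
                names.append(name)
    return names

# Constructed sample, not captured from a real infection.
SAMPLE = """;x9Kq2 padding
[AutoRun]
;aa8s
open=Xn1i9x.com
kjdf8sdf junk line with no equals sign
shell\\open\\Command=Xn1i9x.com
shell\\explore\\Command="Xn1i9x.com"
shellexecute=u.bat
icon=folder.ico
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    print(files_to_review(SAMPLE))
```

The names it returns are the ones to search for in regedit and to look for in each drive's directory before deleting autorun.inf itself.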

Unknown said...

You can also try this way:
1. Go to Task Manager and kill the processes explorer and wscript.exe (if available).
2. Now go to the Applications tab and press New Task.
3. Enter cmd; in the cmd window go to the drive c:\
enter del /f/q/a protectfile.vbs
and del /f/q/a autorun.inf
4. And now go to c:\windows\system32
and enter del /f/q/a secureguard.vbs
5. Now you have deleted all the infected files in your system.
6. Now go to regedit and search for protectfile.vbs and delete all the files with this name.
7. Again search for secureguard.vbs
and you have to modify it: in the path, delete only "c:\windows\system32\secureguard.vbs"... and let the other part of the path stay there.
8. Restart your system.
That's all, you are done!