ntde1ect.com / avpo virus

Virus File Name:

ntde1ect.com (resembles the important system file “ntdetect.com” )



You are unable to open your hard drive partition by double click.

You are unable to see hidden/system files.

etc, yet to know

Behind the screen:

Two files “ntde1ect.com” and “autorun.inf” is copied into all drives.

Files “avpo.exe” and “avpo.dll” (hidden) is copied to the windows/system32/ folder.

Loads the “avpo.exe” at startup.


1. Open taskmanager, goto processes and end task explorer.

2. New task explorer.

3. Run (save and merge) the registry file here


4. Open MyComputer and goto tools>folder options>view -> select show hidden files & uncheck hide protected system files.

5. Goto view>explorer bar> folders and navigate from left side pane ONLY. Dont double click on drives.

6. Goto every hard drive partition and delete THESE TWO FILES ONLY.



****IMPORTANT****–> DONOT  DELETE THE FILE “ntdetect.com” . IT IS AN IMPORTAND SYSTEM FILE. (note: ntde1ect has one “1” instead of T “t”). 

‘1’ is virus whereas ‘t’ is an important system file.

7. Run msconfig. Goto startup. Uncheck (remove) “avpo”.

8. Goto Windows/system32 folder. Delete the hidden files: “avpo.exe” and “avpo0.dll”.

9. End task explorer. New task explorer.


Heal for ntde1ect.com

Download Page for other heals

55 Responses to “ntde1ect.com / avpo virus”

  1. Tapan Jain Says:

    hi,piyush.i’m tapan doing b.tech in bbsr.
    i’m a boy like u,intrested in viruses.
    i’m creating a batch file to remove this viruses.can u teach me to make a .reg file(it is showing not a valid application)
    & can u teach me to search for a value in registry thrgh batch file

  2. piyushlabs Says:

    nice work..
    reg file not working because, its not in valid format.
    open regedit, and export some registries to .reg, and checkout the samples, how it works.
    no idea about searching.. ;(

  3. jean Says:


  4. PRANAV Says:


  5. piyushlabs Says:

    i dont have the solution yet

  6. Brij Says:

    Good going DUde…..
    Let the lab keep running 😉

  7. Clement Says:

    HI… i just downloaded the heal pendrive.. .because my pen drive was infected with ntd1ect.com virus. However… after i heal my pendrive by removing dtd1ect.. i cannot access my pen drive already.

    Help me please… my pen drive have my recent work… This work might cost me my job. Please help me

  8. piyushlabs Says:


    it will come after u restart the comp . coz it end tasks the explorer.exe

  9. Clement Says:

    thanks man! I dind’t know that…. i feel stupid haha. Thanks !! This site is GREAT!

  10. neovanatica Says:

    Great job =)

  11. Tamir Says:

    Thanx man!!

  12. vicky bhatnagar Says:

    my friend had this problem and gt it fixed.
    I told him abt this site and he has thanked u…Ofcourse me too

  13. Yasser Says:

    Hello piyushlabs

    i want to use the HealAntiVirus to my domain

    as you know that it is exe software. when i tried to run it with the domain users it asks me to provide administrative privilige.

    i converted the exe file to MSI file to deploy through group police it succeded but even when i try to run it after install it asked me to provide administrative privilige

    So could you plz change the code to allow domain users to run the Heal without privilige.

    also could you make the default behaviour to toogle run at startup autostart ??

    or plz give me another solution to do in my Domain Enviroment

    its very good to personal computers but i think hard to be implemented in domain enviroment 😦

  14. nimb0014 Says:

    thanks to this site…and more power

  15. murali.a Says:

    Thanks a lot for the help

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: