ntde1ect.com / avpo virus
Virus File Name:
ntde1ect.com (resembles the important system file “ntdetect.com” )
avpo.exe
Symptoms:
You are unable to open your hard drive partition by double click.
You are unable to see hidden/system files.
etc, yet to know
Behind the screen:
Two files “ntde1ect.com” and “autorun.inf” is copied into all drives.
Files “avpo.exe” and “avpo.dll” (hidden) is copied to the windows/system32/ folder.
Loads the “avpo.exe” at startup.
Solution:
1. Open taskmanager, goto processes and end task explorer.
2. New task explorer.
3. Run (save and merge) the registry file here
http://piyushlabs.googlepages.com/reg_ntde1ect.reg
4. Open MyComputer and goto tools>folder options>view -> select show hidden files & uncheck hide protected system files.
5. Goto view>explorer bar> folders and navigate from left side pane ONLY. Dont double click on drives.
6. Goto every hard drive partition and delete THESE TWO FILES ONLY.
ntde1ect.com
autorun.inf
****IMPORTANT****–> DONOT DELETE THE FILE “ntdetect.com” . IT IS AN IMPORTAND SYSTEM FILE. (note: ntde1ect has one “1” instead of T “t”).
‘1’ is virus whereas ‘t’ is an important system file.
7. Run msconfig. Goto startup. Uncheck (remove) “avpo”.
8. Goto Windows/system32 folder. Delete the hidden files: “avpo.exe” and “avpo0.dll”.
9. End task explorer. New task explorer.
DOWNLOAD
10 March, 2008 at 12:12 am |
hi,piyush.i’m tapan doing b.tech in bbsr.
i’m a boy like u,intrested in viruses.
i’m creating a batch file to remove this viruses.can u teach me to make a .reg file(it is showing not a valid application)
& can u teach me to search for a value in registry thrgh batch file
10 March, 2008 at 10:11 am |
TAPAN
nice work..
reg file not working because, its not in valid format.
open regedit, and export some registries to .reg, and checkout the samples, how it works.
no idea about searching.. ;(
23 March, 2008 at 4:46 pm |
gosh!
1 April, 2008 at 10:41 pm |
MY COMPUTER IS INFECTED BY AMVO.EXE VIRUS COULD YOU PLEASE GIVE ME A HAEL FOR THIS VIRUS
2 April, 2008 at 4:05 pm |
PRANAV
i dont have the solution yet
16 April, 2008 at 10:41 pm |
Good going DUde…..
Let the lab keep running 😉
7 June, 2008 at 5:38 pm |
HI… i just downloaded the heal pendrive.. .because my pen drive was infected with ntd1ect.com virus. However… after i heal my pendrive by removing dtd1ect.. i cannot access my pen drive already.
Help me please… my pen drive have my recent work… This work might cost me my job. Please help me
13 June, 2008 at 3:04 pm |
BRIJ
sure
CLEMENT
dude.
it will come after u restart the comp . coz it end tasks the explorer.exe
24 June, 2008 at 6:49 pm |
thanks man! I dind’t know that…. i feel stupid haha. Thanks !! This site is GREAT!
25 July, 2008 at 9:13 am |
Great job =)
28 August, 2008 at 4:13 pm |
Thanx man!!
4 September, 2008 at 11:35 pm |
my friend had this problem and gt it fixed.
I told him abt this site and he has thanked u…Ofcourse me too
18 October, 2008 at 7:11 pm |
Hello piyushlabs
i want to use the HealAntiVirus to my domain
as you know that it is exe software. when i tried to run it with the domain users it asks me to provide administrative privilige.
i converted the exe file to MSI file to deploy through group police it succeded but even when i try to run it after install it asked me to provide administrative privilige
So could you plz change the code to allow domain users to run the Heal without privilige.
also could you make the default behaviour to toogle run at startup autostart ??
or plz give me another solution to do in my Domain Enviroment
its very good to personal computers but i think hard to be implemented in domain enviroment 😦
16 November, 2008 at 10:12 pm |
thanks to this site…and more power
6 December, 2008 at 12:40 am |
Thanks a lot for the help