Topic: Malware that slows down your starup - amvo.exe

[F3RLs]

Recently one of kids decided to visit crack-keygen-related websites over internet.
As result the laptop got infected with some worm/malware/spyware called 'amvo.exe'

The symptoms were:
 - Slow or frozen processor at startup
 - Almost unable to use input devices - HID, etc
 - Unable to open Task Manager

The solution I've used:
 1. Boot with Safe Mode
 2. Terminate 'explorer.exe' process with Task Manager and Open Windows Shell (command prompt) only
 2. Search and Delete following files; amvo.exe, amvo0.dll, avpo.exe, kavo.exe, kavo0.dll
 3. Unregister amvo.exe from startup (use msconfig and regedit)
 4. Delete any registry entry with string 'amvo.exe'
 5. Reboot

After that the laptop started up flawlessly. There are a lot of names for this amvo.exe.
Since VirusScan Enterprise 8.5i with latest sdat/dat/patch could not detect it, I suggest
to look for amvo.exe IF your computer is not starting up properly.

Hope everyone get their computer virus-free.

[Samker]

Thank you, for this very useful information's. 

Maybe you have info. did other AV Companies (Kaspersky, Symantec...) detect this Malware?

 

[F3RL]

Maybe you have info. did other AV Companies (Kaspersky, Symantec...) detect this Malware?

I've used NOD32, BitDefender, Norton AV 2006 and using VSE8.5i P7.
None of those could not detect or de-infect this nasty program.
It's best practice to remove it by yourself.
P.S. I think I posted this without logged in so
my name is 'F3RLs' since it said 'F3RL' is reserved ?!

[Samker]

Ok, my friend. We will watch carefully this infection. 

P.S. I think I posted this without logged in so
my name is 'F3RLs' since it said 'F3RL' is reserved ?!

That's probably because you "own - register" Forum UserName F3RL and Guest don't have possibility to choose them...

Anyway, for me it's much better to post comments after Log in.



 

[haz]

I've had the same problem in the company before, and these were the steps I made too to overcome the problem, Thanks