Thursday, November 08, 2007

ntde1ect.com, a big headache

Recently, my system was threatened by one more virus, ntde1ect.com, which spreads through USB drives (pen drives).

It seems this virus is a very intelligent one, and it corrupts even the system files 'ntdetect.com' and 'ntldr'.

The files that come with this virus are:
ntde1ect.com,
autorun.inf,
avpo.exe,
avp0.exe,
avp0.dll, and
a directory named hashxxx, containing scripts to block the Orkut and YouTube sites, usually located only on the 'drive with label C'.

One sign of this virus is that when you open a drive, it opens in a new window instead of in the same window. This might be because of autorun.inf.

Copies of ntde1ect.com and autorun.inf may be found in the root directories of all the partitions.
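
The signs described above can be checked without opening the drive in Explorer. The following is an added example, not part of the original post: a read-only Python check of one partition root for the file names listed above and for the programs its autorun.inf would launch. The function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# File names listed in the post, matched case-insensitively.
INDICATORS = {"ntde1ect.com", "avpo.exe", "avp0.exe", "avp0.dll"}
# autorun.inf keys that launch a program: open, shellexecute, shell\<verb>\command.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(\S.*?)\s*$", re.I)

def autorun_targets(path):
    """Return the program names an autorun.inf would launch, skipping junk lines."""
    targets = set()
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            m = LAUNCH_KEY.match(line)
            if not m:
                continue
            val = m.group(2)
            # Quoted paths may contain spaces; otherwise take the first token.
            prog = val[1:].split('"')[0] if val.startswith('"') else val.split()[0]
            targets.add(re.split(r"[\\/]", prog)[-1].lower())
    return sorted(targets)

def scan_root(root):
    """Report listed files and autorun launch targets in one partition root."""
    names = {n.lower(): n for n in os.listdir(root)}
    found = sorted(n for n in names if n in INDICATORS)
    targets = []
    if "autorun.inf" in names:
        targets = autorun_targets(os.path.join(root, names["autorun.inf"]))
    hit = bool(found) or any(t in INDICATORS for t in targets)
    return {"indicators": found, "autorun_targets": targets, "suspicious": hit}

def demo():
    """Scan a constructed partition root (sample files made up for this example)."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write("[AutoRun]\n;constructed sample\nopen=ntde1ect.com\n"
                 "shell\\open\\Command=NTDE1ECT.COM\n")
    for name in ("ntde1ect.com", "notes.txt"):
        open(os.path.join(root, name), "w").close()
    return scan_root(root)

if __name__ == "__main__":
    print(demo())
```

Call scan_root() once per partition root; it only lists and reads files and deletes nothing.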

Another sign is that we are not able to change the 'show hidden files' option.

To remove this virus, there is no other way except booting the system in recovery mode.

After booting the system in recovery mode, switch to each partition in turn and try to remove all the files listed above from the partition's root directory and from the \windows\system32 directory.

One important thing is to change the attributes of these files using 'attrib' so that they can be deleted.
For example:
C:\>attrib -r ntde1ect.com
removes the read-only attribute from the file, so that we can delete it.

Then we have to remove the traces of this virus (avp0.exe, ntde1ect.com, ...) from the registry using regedit.
