amvo.exe and its variants


	Patchs for virus
	Tutorials
	Tips
	Forum
	Windows Optimum
	USB FireWall
	Boost Google Search

	Virus Information
	The virus Amvo.exe is propagated through partition and removable disk, the virus copies periodically "autorun.inf" and other files depending on the variant of the virus in all the partition of your system, if you remove them, these two files will go back to their places a few seconds after his suppression. We are not going to tell you its particularity each virus but we will tell you in totality. Just a little precision, all virus that patchs are already availables in this site are not included in this patch.
	File
	The virus puts files in system repertory: <System>\amvo.exe <System>\amvo0.dll <System>\amvo1.dll And stores too two files in temporary repertory: fq9.dll help.exe 2nux4.dll 5.dll 92izu.dll dykvagp.dll e.dll e7sf4.dll ezk.dll fqlq.dll pelqe.dll vupin8b.dll w4enx.dll zmcc.dll k2fvpt.dll e7sf4.dll fgshabuifhdvmis32.exe RarSFX0\32.exe 2m9mdmy.dll w2e.sys And puts two files per variant in the root folder of all partition and removable disk: Autorun.inf 3o.exe y82td3td.com i.cmd fppg1.exe ekugb3.bat
	Registry
	The following Registry Keys were created: HKCU\Software\Microsoft\Windows\CurrentVersion\Run amva <System>\amvo.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32 Creates value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32 (Defaul) = <Windows>\HELP\F3C74E3FA248.dll ThreadingModel = Apartment HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765} (Default) = SSUUDL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {1DBD6574-D6D0-4782-94C3-69619E719765} = ""
	WARNING
	This virus launches out automatically to each time you open or explore a partition or a removable disk, it is thus preferable to download this patch and to decompress it on the desktop, to start your machine in safe mode and of launching the patch, always in safe mode. This virus attempt to connect to this adresses http://www.microsoftmg.com/gut/mgg.exe http://www.om7890.com/mf2/help.rar Which engenders the downloading of this two files. Instruction on how to restart your computer in safe mode.

Latest fixs:

cftmonn.exe (ksven, Autorun.dhl)
sbsm.exe, softhomepage.com (sbsm.dll,sbmdl.dll)
Virtual Made (Virtual Maid.dll, http://www.searchmaid.com)
VirusHeat (VirusHeat 4.3.exe, VirusHeat.exe)
MonaRonaDona (srvspool.exe, registrycleaner2008.exe)
Noooh (Sys.exe, ComSys.dll)
NetSky (FVProtect.exe,FirewallSvr.exe,netstats.exe) and all its variants
Tavo.exe (tavo0.dll, tavo1.dll) and all its variants
Patty.exe (S0UNDMANS.EXE,1sasrv.dll,adsldps.dll,twain.dll,realsched.exe)
Kxvo.exe and all its variants
Kavo.exe and all its variants
VirtuMonde (VirtuMondo, Vundo, TROJ_VUNDO, TROJ_MEREDROP,DL.Small.ADIB)
Sohanad fix (SCVVHSOT.exe, svchost.exe) (W32.Imaut.A, TROJ_AUTORUN.AH, Worm.Sohanad)
SdBot fix (ctfmonn.exe) (Backdoor.SdBot, Sdbot.worm.gen.a)
Amvo.exe (3o.exe, y82td3td.com, i.cmd, fppg1.exe, ekugb3.bat...) and its variants other than already proposed here