) is a backdoor Trojan that is installed with other malicious files. Backdoor Trojans are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read Danger: Remote Access Trojans
If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
• "When should I re-format? How should I reinstall?"
• "Help: I Got Hacked. Now What Do I Do?"
• "Where to draw the line? When to recommend a format and reinstall?"
Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, please do the following.
Please download WormFix.zip & save it to your desktop. DO NOT use yet. alternate download link
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Close all Internet Explorer Windows and Run WormFix as follows:
- Double click the WormFix.Zip file to unzip it.
- Open the WormFix Folder.
- Double Click WormFix.vbe to run the program.
- Select OK at the prompt.
- Allow the program to run (your desktop will disappear, then re-appear. This is normal)
- When finished it will produce a log located at C:\WormFix.txt.
- Copy and paste the results of WormFix.txt in your reply.
- Reboot normally.
Please download MsnCleaner.zip by ElPiedra and save it to your Desktop. (In addition to removing infected files, it will remove certain restrictions on your system often disabled by malware.)
- Extract (unzip) the file to your desktop. (click here if you're not sure how to do this) but DO NOT use it yet.
- Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A boot menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
- Double-click MsnCleaner.exe to run the tool.
- Click the "Analyze" button.
- If an infection is found, click the "Deleted" button.
- A report with the results will be created automatically after the scan and will be saved to C:\MsnCleaner.txt.
- Reboot normally and post the contents of MsnCleaner.txt in your next reply.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well. Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.
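The note above says the hidden autorun.inf folder helps protect drives: while a folder holds that name, a file with the same name cannot be created at the drive root. The sketch below is an added example, not part of the original posts and not code from Flash_Disinfector; it reports whether autorun.inf at a drive root is absent, a placeholder folder, or a real file, and lists the programs a real file would launch. The function names, the temporary "drive roots" and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# Constructed sample of a dropped autorun.inf; file names are placeholders.
SAMPLE = r"""[AutoRun]
;padding line of the kind often used to hide the real entries
open=sample.exe
shell\open\Command=sample.exe
icon=folder.ico
"""

def inspect_root(root):
    """Return (status, commands) for the autorun.inf entry at a drive root."""
    # Match the name case-insensitively, as Windows does.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return ("absent", [])        # nothing occupies the name on this drive
    path = os.path.join(root, name)
    if os.path.isdir(path):
        return ("folder", [])        # placeholder folder occupies the name
    commands = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.strip().partition("=")
            key = key.strip().lower()
            # Keys that name a program to launch: open, shellexecute, shell\<verb>\command
            if sep and (key in ("open", "shellexecute")
                        or (key.startswith("shell\\") and key.endswith("\\command"))):
                commands.append(value.strip())
    return ("file", commands)        # a real file: review what it would run

def demo():
    """Build three constructed drive roots in a temp directory and inspect them."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "immunized", "infected"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "immunized", "autorun.inf"))
        with open(os.path.join(base, "infected", "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        for label in ("clean", "immunized", "infected"):
            results[label] = inspect_root(os.path.join(base, label))
    return results

if __name__ == "__main__":
    for label, (status, commands) in demo().items():
        print(label, status, commands)
```

On a real system, pass each drive root (for example `E:\\`) to `inspect_root`; a result of `"file"` with launch commands is the case worth reviewing.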
Does ComboFix just remove "amvo" or does it fix the problem, protecting my PC "forever" against this virus?
Please note the message text in blue at the top of this forum.
You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer
Discussion pertaining to how Combofix works, what it can or cannot do, what the log results mean, any future plans, etc. is not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions.