My computer seems to be infected with this hacktool.rootkit. The computer is creating problems.Yahoo messenger does not work.The hidden files are not displayed and the the drives open up in new windows(even thought that option is disabled).Please help me to remove it,i have formatted my windows drive and reinstalled windows again,but still that hacktool has not gone.Also whnever i boot the computer and log onto windows, a message is displayed :"amvo.exe the memory has encountered an error ato 01FFXX" something like that.
PLease help
Thanks
* Save HJTInstall.exe to your desktop.
* Doubleclick on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis .
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log into your reply
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:12:08 PM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
time for safe mode:
you might want to copy/paste this into notepad and save it so you can read it in safe mode.
to reach safe mode you would tap the f8 key during a computer restart, chose the first option from the list safe mode. once at the safe mode desktop navigate to the:
C:\WINDOWS\system32 folder
see if you can locate and delete:
amvo.exe
while in safe mode run your Symantec antivirus
reboot normally, post back let me know how it went. i also suggest you do the online scan at ESET online
well i did what u told.However it didnt help.I fixed it using hjt. Then i booted in safe mode and tried to locate that amvo.exe.
However it dsnt show as it must be a hidden file and that virus doesnt let me show hidden files.I even ran Norton Antivirus Scan ,but no use.
But listen,
after deleting amvo.exe using hjt and then booting in safe mode,i again booted the pc normally and this time no message of amvo.exe came but someother application.
I have included a screenshot of what appeared.However,after shutting down and rebooting again,amvo.exe message was showed again.It seems that amvo.exe gets deleted and comes back again.
Please try helping me more.Thanks fr your help already.
Waiting to hear from you.
How to show you the screenshot ??
:( give me your email.
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at:C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.
--------------------------------------------------------
Download GMER's application from here:
Click the Rootkit tab and click the Scan button.
Please, do not select the "Show all" checkbox during the scan.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
------------------------------
