How to remove Win32NSAnti dcom virus without any antivirus tool
Trouble:
Recently we received a mail from one of our readers whose computer was infected by the Win32/NSAnti virus. This virus mainly causes a problem with opening drives by double-click in Windows XP.
If your system is infected by this virus, you can't see hidden files and folders, even after applying the setting to show hidden folders. The virus reverts this setting back to Don't show hidden files and folders.
This happens because the virus protects the two hidden system files called d.com and autorun.inf, which are created by amvo.exe, amvo0.dll and amvo1.dll, which reside in the system32 folder on the OS drive (the hard disk partition on which the Windows operating system is installed).
Fix:
In order to fix the problems caused by this virus, you will need to delete all these files created by the virus.
Follow this set of commands to delete these files:
1. Open Start>>Run, type cmd and press enter. This will open the Windows command prompt window. In this window, type as directed in the following steps and press enter at the end of each step.
2. type cd\
3. type cd windows\system32
4. type attrib -r -h -s amvo.exe
5. type del amvo.exe
6. type attrib -r -h -s amvo0.dll, and repeat steps 5 and 6 again to delete amvo1.dll
7. now type d: and press enter for the d: drive partition.
8. type attrib -r -h -s autorun.inf
9. type del autorun.inf
10. type attrib -r -h -s d.com
11. type del d.com
Similarly, repeat steps 8 to 11 for all your hard disk partitions to remove the files created by the virus.
Note: The above procedure may seem cumbersome, but it proves to be of great help in repairing your system if none of your anti-virus tools is able to solve the problem and remove the infections caused by the virus.
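The steps above, including the "repeat for all partitions" instruction, collected into one batch file as an added example (it is not part of the original post and is not the VBScript mentioned further down). The /fix switch and the C to Z drive-letter range are assumptions of this example; with no argument the script only reports what it finds, so you can check whether an autorun.inf is a legitimate one before deleting it.

```batch
@echo off
rem Added example, not from the original post.
rem No argument: report only.  /fix: clear attributes and delete (steps 4-11).
setlocal
set FIX=0
if /i "%~1"=="/fix" set FIX=1

rem Files the post lists in system32 on the OS drive.
for %%F in (amvo.exe amvo0.dll amvo1.dll) do call :check "%SystemRoot%\system32\%%F"

rem Files the post lists in the root of each partition.
rem Drive letters C-Z are an assumption; letters with no drive are skipped.
for %%D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if exist %%D:\ (
        call :check "%%D:\autorun.inf"
        call :check "%%D:\d.com"
    )
)
endlocal
goto :eof

:check
rem "if exist" finds hidden and system files, unlike a plain "dir".
if not exist "%~1" goto :eof
echo FOUND %~1
rem Show the current attributes (R, H, S) so the report is useful on its own.
attrib "%~1"
if "%FIX%"=="0" goto :eof
rem "del" skips hidden and system files, which is why the post runs attrib first.
attrib -r -h -s "%~1"
del "%~1"
if exist "%~1" echo   still present after del: %~1
if not exist "%~1" echo   deleted: %~1
goto :eof
```

A "still present after del" line means the delete did not succeed for that file.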
Updated (21 Jan 2008):
We have just received some comments from users who did not find the above method useful, as they were not able to remove the amvo.exe virus by following it.
Those who are facing issues with the above method can follow the steps given below to remove the virus.
1. First download Trend Micro HijackThis from here
2. Install it and run the scan; you will see an entry like this:
HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
3. Check the above entry, click on the button which says Fix Checked and click yes on the prompt.
4. Also uncheck amvo.exe in msconfig>> startup (type msconfig in run and click on the startup tab), and restart your system.
5. Open My Computer and go to folder options >> check the option Show hidden files and folders. Also un-check the option Hide protected operating system files (this will give a warning message; confirm by pressing the yes button). After this click Ok.
6. Now access all your system drives by typing the drive letters in the address bar (for example c:) and delete files like autorun.inf and the other file with a name ms18us.exe (sorry but I am not sure about the second file name)
7. Also delete the files amvo.dll and amvo1.dll from the windows/system32 folder.
Updated (28 Jan 2008):
Note: It looks like for most people both of the above methods are a little bit confusing to implement.
So we would like to tell you another method to remove the amvo and ampo virus, using a VBScript which you can download from http://www.en.mygeekside.com/?p=18. You can easily remove the virus by double-clicking the script.
PS: We don't take any responsibility if this script causes any damage to your system, so use it at your own risk.
We hope the new solution for removal of the win32/ns anti virus will help.