I got shocked last night when I discovered that my computer was infected with a worm. Unfortunately, my Kaspersky Internet Security 6.0 was not able to detect this virus when it was injected into my Windows XP SP2.
The first noticeable effect of the said worm is a slight delay when opening your drive. This is caused by the autorun.inf file which is triggered everytime you open the root folder of your drive. This file is not visible from the normal view, not even when the Show Hidden files option is active.
To check if this file exists, you must execute a command line instruction from DOS. From your root folder (ex. C:\), you may enter attrib -s -h -r autorun.inf to disable the hidden, system and read-only options. If the instruction does not return any error message, then it can be confirmed that the file exists.
There are two files involved with this type of worm, the y82td3td.com and amvo1.dll. The process is similar with the first one. These two files are located on the following directories:
To fix this problem, copy the following codes on notepad and save this file as fix.bat
attrib -s -h -r C:\Windows\system32\amvo1.dll
attrib -s -h -r C:\y82td3td.com
attrib -s -h -r C:\autorun.inf
Run fix.bat and restart your computer. This should solve the problem.
Problems caused by this worm:
It causes my Yahoo Messenger to crash or quit right after I hit the sign-in button.