Removing y82td3td.com and amvo1.dll worms

Posted by Winston on March 5th, 2008 and filed under Virus

I got shocked last night when I discovered that my computer was infected with a worm. Unfortunately, my Kaspersky Internet Security 6.0 was not able to detect this virus when it was injected into my Windows XP SP2.

The first noticeable effect of the said worm is a slight delay when opening your drive. This is caused by the autorun.inf file which is triggered everytime you open the root folder of your drive. This file is not visible from the normal view, not even when the Show Hidden files option is active.

<!--adsense-page-->

To check if this file exists, you must execute a command line instruction from DOS. From your root folder (ex. C:\), you may enter attrib -s -h -r autorun.inf to disable the hidden, system and read-only options. If the instruction does not return any error message, then it can be confirmed that the file exists.

There are two files involved with this type of worm, the y82td3td.com and amvo1.dll. The process is similar with the first one. These two files are located on the following directories:

C:\y82td3td.com
C:\Windows\system32\amvo1.dll

To fix this problem, copy the following codes on notepad and save this file as fix.bat

attrib -s -h -r C:\Windows\system32\amvo1.dll
del C:\Windows\system32\amvo1.dll
attrib -s -h -r C:\y82td3td.com
del C:\y82td3td.com
attrib -s -h -r C:\autorun.inf
del C:\autorun.inf

Run fix.bat and restart your computer. This should solve the problem.

Problems caused by this worm:

It causes my Yahoo Messenger to crash or quit right after I hit the sign-in button.

Like my post? Please share:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • BlinkList
  • blogmarks
  • DZone
  • Live
  • Reddit
  • Slashdot
  • Socialogs
  • SphereIt
  • StumbleUpon
  • Technorati
  • Ratimarks
  • blogtercimlap
  • eKudos
  • email
  • Fark
  • Gwar
  • LinkaGoGo
  • LinkArena
  • LinkedIn
  • Linkter
  • MySpace
  • Netvibes
  • Ping.fm
  • Tumblr
  • Webride
  • Wikio
  • Wists
  • Wykop
  • Yahoo! Buzz

Related articles

Tags: , , , , , , , , ,

About the Author

This entry was Visited 26663 times, 31 so far today. This entry was posted on Wednesday, March 5th, 2008 at 8:55 am and is filed under Virus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

10 Responses to “Removing y82td3td.com and amvo1.dll worms”

  1. cool_iceman Says:

    March 5th, 2008 at 12:08 pm

    thanks for the info, deepfreeze your drives then save your files sa flash disk.. cheers

    Reply



  2. Cesar Noel Says:

    March 6th, 2008 at 12:01 pm

    Very Common na virus na ito dito sa Davao. Usually USB ang mode of spreading niyan. Here’s a Tip if you are accessing someone’s USB on your unit try using the Explore method. (right click on the start button and select “explore”. Autorun virus like there activates when the USER double-clicks the drive.) you can find removal tools online search for IMG-Kulot.bat

    Reply



  3. Hasanein Says:

    March 15th, 2008 at 12:16 am

    HI

    thanks for the info, it works for me

    Reply



  4. Winston Says:

    March 20th, 2008 at 12:45 pm

    found another virus. I’m still finding ways on how to resolve the problem.

    Reply



  5. Winston Says:

    March 20th, 2008 at 1:00 pm

    sample again

    Reply



  6. Winston Says:

    March 20th, 2008 at 1:01 pm

    sample

    Reply



  7. sugato Says:

    March 31st, 2008 at 1:27 am

    Great, it worked

    thanks

    Reply



  8. MASUD_LAXMIPUR Says:

    May 13th, 2008 at 7:09 am

    PRESS WINLOGO+R THEN WRITE MACONFIG
    AND CLICK ON STARTUP CHAK OUT ON amvo
    AND DEL y82td3td.com FROM UR ALL DRIVE.

    Reply



  9. Andrew Says:

    September 4th, 2008 at 7:25 am

    Hi
    Followed you instructions to the letter and it worked. Thanks.

    Reply



  10. Rory Branch Says:

    March 4th, 2009 at 7:36 pm

    uhm, you have to run exe, you retards. It wouldn

    Reply



Leave a Reply