Removing y82td3td.com and amvo1.dll worms


I got shocked last night when I discovered that my computer was infected with a worm. Unfortunately, my Kaspersky Internet Security 6.0 was not able to detect this virus when it was injected into my Windows XP SP2.

The first noticeable effect of this worm is a slight delay when opening a drive. This is caused by the autorun.inf file, which is triggered every time you open the root folder of the drive. The file is not visible in the normal view, not even when the Show Hidden Files option is active.

To check whether this file exists, run a command from the command prompt. From the root folder of the drive (e.g. C:\), enter attrib -s -h -r autorun.inf to clear the system, hidden and read-only attributes. If the command does not return an error message, the file exists.

This worm involves two files, y82td3td.com and amvo1.dll. The process for checking them is similar to the one for autorun.inf. The two files are in the following locations:

C:\y82td3td.com
C:\Windows\system32\amvo1.dll

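To fix this problem, copy the following commands into Notepad and save the file as fix.bat:

rem Clear the system, hidden and read-only attributes, then delete the worm's DLL
attrib -s -h -r C:\Windows\system32\amvo1.dll
del C:\Windows\system32\amvo1.dll
rem Do the same for the worm's executable in the root of C:
attrib -s -h -r C:\y82td3td.com
del C:\y82td3td.com
rem Remove the autorun.inf that is triggered when the drive is opened
attrib -s -h -r C:\autorun.inf
del C:\autorun.inf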

Run fix.bat and restart your computer. This should solve the problem.

Problems caused by this worm:

It causes my Yahoo Messenger to crash or quit right after I hit the sign-in button.
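A read-only check that can be run before fix.bat, added here as an example and not part of the original post: it parses the autorun.inf on each drive root and reports which program it would launch and whether that file is present. It assumes Python is installed; the sample autorun.inf contents are constructed for illustration, since the post does not show the real file.

```python
import os
import re

# [autorun] keys that make Windows start a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Constructed sample for illustration; not copied from the worm's real file.
SAMPLE = r"""[AutoRun]
open=y82td3td.com
shell\open\Command=y82td3td.com
shell\explore\Command="y82td3td.com" /e
icon=shell32.dll,4
"""

def launch_targets(text):
    """Return the programs an autorun.inf would launch, without duplicates."""
    found, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        key, sep, value = line.partition("=")
        value = value.strip()
        if not (in_autorun and sep and value and LAUNCH_KEY.match(key.strip())):
            continue
        if value.startswith('"'):         # quoted path, may contain spaces
            prog = value[1:].split('"', 1)[0]
        else:                             # first word is the program, rest are arguments
            prog = value.split(None, 1)[0]
        if prog:
            found.setdefault(prog.lower(), prog)
    return list(found.values())

def scan_root(root):
    """Return {target: present?} for root's autorun.inf, or None if there is none."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):           # isfile also sees hidden/system files
        return None
    with open(inf, "r", errors="replace") as fh:
        targets = launch_targets(fh.read())
    return {t: os.path.isfile(os.path.join(root, t)) for t in targets}

if __name__ == "__main__":
    for letter in "CDEFGHIJKLMNOPQRSTUVWXYZ":
        report = scan_root(letter + ":\\")
        if report is not None:
            print(letter + ":", report)
```

Because the script only reads files, it can be run on every drive, including USB drives, to see which roots still carry an autorun.inf after cleanup.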


8 Comments so far »

  1. cool_iceman said,

    Wrote on March 5, 2008 @ 12:08 pm

    thanks for the info, deepfreeze your drives then save your files to a flash disk.. cheers

  2. Cesar Noel said,

    Wrote on March 6, 2008 @ 12:01 pm

    This virus is very common here in Davao. USB is usually its mode of spreading. Here’s a tip: if you are accessing someone’s USB on your unit, try using the Explore method (right-click on the Start button and select “Explore”; autorun viruses like these activate when the user double-clicks the drive). You can find removal tools online; search for IMG-Kulot.bat

  3. Hasanein said,

    Wrote on March 15, 2008 @ 12:16 am

    HI

    thanks for the info, it works for me

  4. Winston said,

    Wrote on March 20, 2008 @ 12:45 pm

    found another virus. I’m still finding ways on how to resolve the problem.

  5. Winston said,

    Wrote on March 20, 2008 @ 1:00 pm

    sample again

  6. Winston said,

    Wrote on March 20, 2008 @ 1:01 pm

    sample

  7. sugato said,

    Wrote on March 31, 2008 @ 1:27 am

    Great, it worked

    thanks

  8. MASUD_LAXMIPUR said,

    Wrote on May 13, 2008 @ 7:09 am

    PRESS WINLOGO+R THEN WRITE MSCONFIG
    AND CLICK ON STARTUP, CHECK OUT ON amvo
    AND DEL y82td3td.com FROM ALL YOUR DRIVES.
