I used my flash memory in a internet cafe. At home, when i used my flash in my computer, webroot spy sweeper program showed me something wants to make itself starting at startup.
Only i understand that “amva” calls “amvo.exe”. I don’t know but it coused that i can’t see hidden files or folders. On Win XP os, i am tring to show hiddens from TOOLS>FOLDER CHOICES> SHOW HIDDENS. But i is not work.
( I am from Turkey and my english is so bad. If you have any opinion and answer please reply!!! )
Your flash is probably infected and tried to pass it on to your computer
Download & Run HijackThis.exe
[*]Download HJTInstall.exe to your Desktop.
[*]Doubleclick HJTInstall.exe to install it.
[*]By default it will install to C:\Program Files\Trend Micro\HijackThis .
[*]Click on Install.
[*]It will create a HijackThis icon on the desktop.
[*]Once installed, it will launch Hijackthis.
[*]Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
[*]Copy/Paste the log to your next reply please.
Don’t use the Analyse This button, its findings are dangerous if misinterpreted.
Don’t have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
I will look at this to see whether or not you are clean
Hosgeldin elt42at,
There’s a solution here:
http://rebelgames.blogspot.com/2007/12/dealing-with-disabled-administrative.html
Windows xp pro has gpedit.msc (group policy editor), just entered it changed the administrative template settings for registry and ctrl+alt+del back to not configured(disabled works fine too).
Should work if you have XP Pro.
Thanks FreewheelinFrank!
I read the article which your attached link.
After then i clean startup enteries and registers from editor (regedit).
Now, i will solve its effects. The main effect is disabe authority of showing hidden files or folders. The “gpedit.msc” interface will help me for this problem.
Thank you for all answers and solutions. ( essexboy & FreewheelinFrank )
I see these:
THEN 3 name-known files appears:
avmo.exe , avmo0.dll, avmo1.dll
They are hidden and my system can’t let me see these.
So,
I entered the folder “c:\windows\system32”
after than i can see them.
First, i collect files in a rar file. Then, i deleted all of these 3 files but i can’t delete avmo0.dll. I think system using that.
I used this old way. Because, i couldn’t find the true permission in “gpedit.msc” interface.
Which address is true one to send the files to avast admins?
i suggest… try to use the taskkill command with the amvo0.dll
i works with me…
and also i sent a copy of that to avast aready.
Thanks for your opinion!
Finally, “avmo.exe” is inactive! I looked my flash memory with ms-dos command ( because, my system can’t see hiddens yet. User or admin, i can’t solve this proplem ) and i saw these three files,
autorun.inf, d.com, u.bat
I send them in a rar file to virus@avast.com
After update avast iAVS, “u.bat” file shown a trogen!
Cleaning registers is ok! System works well!
BUT, MY SYSTEM DON’T LET ME SEE HIDDEN FILES AND FOLDERS.
( I select “SHOW HIDDENS” from folder appearance. I accept OK then the choice not work and return older selection!!! )
Is there any idea for this problem???
Disk Heal fix this one, if I remember: http://www.luqsoft.com/diskheal/features.htm
Download: http://www.luqsoft.com/diskheal/download.htm
I installed diskheal!
But it could’t solve the problem.
The folder options accessibility is not inactive in my system. I can reach the control form but changes do not work. Second entry to form, the selections shows that my commands dead!!!
I clicked the fix buttons! But, the returs are “NO … bla … bla … DEDECTED!”.
i manage it by merging this in my registry…
try to look for this key in your registry, note that i intentionally use “?” in the main key, i wasnt’ sure if it will match yours’ so just try to look for this in your registry, and change the value. make a back up 1st incase it wouldnt’ work or screw things up. and also note that this fix will remove the choice in the folder option in the “show hidden” the default will become empty choice… but its will not do any unlikely effect for sure…
Windows Registry Editor Version 5.00
[HKEY_USERS\S-1-5-21-???-???-???-???\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
“Hidden”=dword:00000001
“SuperHidden”=dword:00000001
“ShowSuperHidden”=dword:00000001
Different bug, but the reg keys you want are the same for showing hidden files, but you will have to make sure the critter is dead or the keys will change back.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ONLINEG.JRC&VSect=Sn
These links for the amvo variaty
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LEGMIR.FU&VSect=Sn
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NSPM.YT&VSect=Sn
sir those key that i am suggesting will somehow hide or delete the default choice in the “show hidden file” superhidden and hidden files will show up. i sugest this because even after the disinfection takes place the show hidden files will not work. it is due to the fact that it is set to the value of “3” in the registry as i have observed. anyways youre’ definitely right that the culprit should be terminated first or all the effort will go to waste…
The hiddens problem is solved!!!
Thanks vartismz!
I changed the values from registery.
1 - HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/
WINDOWS/CURRENTVERSION/EXPLORER/ADVANCED/
FOLDER/HIDDEN/NOHIDDEN/
checkedValue = 0 and defaultValue =0
2 - HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/
WINDOWS/CURRENTVERSION/EXPLORER/ADVANCED/
FOLDER/HIDDEN/SHOWALL/
checkedValue = 1 and defaultValue = 1
3 - HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/
WINDOWS/CURRENTVERSION/EXPLORER/ADVANCED/
FOLDER/HIDDEN/HIDDENFILEEXT/
checkedValue = 0 and defaultValue = 0
Probably, step 3 solved that problem but i changed all of them.
i think the 3rd just unhide the hidden extension or extra hidden extention whatever… have you encounter the “funny ust scandal” virus? it is masked as an .avi file, like this>>> “funny ust scandal.avi” but it has hidden extension, the real file name is “funny ust scandal.avi.vbs” if am not mistaken.
anyways, good thing we made it work for you.
^V^
I am usually trying so lots thing that my computer becomes format-monster.
My department is electronic. I’m really near computer ( pic programming with asm, using serial/parallel port with c++ … ) but the time is not enough which i can find out of my works.
We tell, say, write and somebody says the true one of its way or name!
LOTS OF THANKS WHO TRYING TO HELP US!!!
format monster? do you mean reformatting your hard drive always?
and yep thanks so much too to avast and avast team for providing us with free software and online board/forum such as these…
^V^
Why don’t you make images of your partitions and then don’t have to start from the early beginning? 
and i suggest Acronis true image… 8)
Me too…
Although, Norton Ghost usually does a good job too.
Taking image is sounds good!
I only used MS Virtual Pc 2007 but it is different a bit i think!!!
I heard that “Ghost” is a remote pc managemet program! ( ??? )
For now, can i take my all programs and files to an image which divided to DVD parts with norton ghost?
Norton Ghost smells salaried! Is there any free program?