V For Virus...

Posted: 5 July 2008
This is probably every PC user's worst nightmare. You switch on your PC and see the tell-tale signs of an infection: just the thought of it makes me sick. Files gone, settings changed and all kinds of other funky shit. Why?

I got annoyed with the number of viruses and other malware that I and the other students using the computers in our college constantly have to put up with. It's only natural that on such a large network it's difficult to manage a problem as rampant as the common computer virus, but it has reached a state where it's difficult to use a USB flash drive on most PCs and come away "clean". And since I have to sync data between my college and home PCs almost every day, flash drive use is inevitable. I wanted a long-term solution.

 

Powerpoint.exe

Probably the most common one you will find is the Microsoft Powerpoint.exe virus, characterized by the AutoRun option it adds to the Explorer context menu of the drive. Double-clicking the drive icon to open the drive runs the virus instead. Powerpoint is relatively harmless: it does the above to every local drive on the infected PC, and from there spreads to any drive that gets connected. It is easily visible and makes no attempt to hide itself. Check the root of your drive: there will be a .exe file called Powerpoint, and an autorun.inf next to it that points at it. The virus writes that autorun.inf so the viral code auto-executes when the flash drive is plugged in (if Autoplay is enabled) and so the drive's default double-click action runs it as well. Powerpoint is easily detected by most up-to-date antivirus software. My personal suggestion is to disable Autoplay on your home/office PC. Then, after plugging in your drive, open it from the folder tree rather than by double-clicking its icon, perform a scan and delete the virus right away, together with the autorun.inf. Simple as that.
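
The whole drive-level trick lives in autorun.inf, so it is worth being able to read one yourself before trusting a scan. The following is an added example, not code from the original post: a small Python audit that parses an autorun.inf from a flash drive root and reports what Autoplay and an Explorer double-click would actually run. The [autorun] key names it checks (open, shellexecute, shell, shell\<verb>\command, action) are the documented ones; the sample file embedded in the script is constructed to resemble the pattern described above, with only the powerpoint.exe filename taken from the post.

```python
"""Audit an autorun.inf taken from the root of a flash drive and report
which commands Autoplay or an Explorer double-click would actually run.

Added example, not code from the original post.  The key names are the
documented [autorun] ones; the sample file at the bottom is constructed,
with only the powerpoint.exe filename taken from the post.
"""
import configparser
import re

# [autorun] keys whose value is a program that Autoplay itself launches.
AUTOPLAY_KEYS = ("open", "shellexecute")

# A custom context-menu verb's command:  shell\<verb>\command=<program>
VERB_COMMAND = re.compile(r"shell\\([^\\]+)\\command", re.IGNORECASE)


def parse_autorun(text):
    """Return the [autorun] entries as a lower-cased {key: value} dict.

    Malware-written files are often sloppy, so: anything before the
    [autorun] header is skipped, duplicate keys are tolerated
    (strict=False) and '%' in paths such as %SystemRoot% is kept literal
    (interpolation=None).
    """
    header = re.search(r"^\s*\[autorun\]", text, re.IGNORECASE | re.MULTILINE)
    if not header:
        return {}
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   allow_no_value=True)
    cp.read_string(text[header.start():])
    section = next(s for s in cp.sections() if s.lower() == "autorun")
    return {k.lower(): (v or "").strip() for k, v in cp.items(section)}


def audit_autorun(text):
    """Return [(severity, message)] findings, most severe first."""
    entries = parse_autorun(text)
    findings = []

    for key in AUTOPLAY_KEYS:
        if entries.get(key):
            findings.append(("high", f"Autoplay runs {entries[key]!r} ({key}=)"))

    # Custom verbs.  'shell=<verb>' makes that verb the default action, i.e.
    # the one executed by double-clicking the drive icon, which is exactly
    # the behaviour the Powerpoint.exe infection relies on.
    verbs = {}
    for key, value in entries.items():
        m = VERB_COMMAND.fullmatch(key)
        if m and value:
            verbs[m.group(1).lower()] = value
    default_verb = entries.get("shell", "").lower() or "open"
    for verb, cmd in sorted(verbs.items()):
        if verb == default_verb:
            findings.append(("high", f"double-click runs {cmd!r} (default verb {verb!r})"))
        else:
            findings.append(("medium", f"context-menu verb {verb!r} runs {cmd!r}"))

    if entries.get("action"):
        findings.append(("low", f"Autoplay prompt text is spoofed: {entries['action']!r}"))

    rank = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: rank[f[0]])
    return findings


# Constructed sample in the shape of the infection described in the post;
# only the executable name is taken from it, the verb layout is illustrative.
SAMPLE_AUTORUN_INF = """\
[autorun]
open=powerpoint.exe
shellexecute=powerpoint.exe
shell\\Auto\\command=powerpoint.exe
shell=Auto
shell\\open\\command=powerpoint.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

if __name__ == "__main__":
    for severity, message in audit_autorun(SAMPLE_AUTORUN_INF):
        print(f"[{severity}] {message}")
```

Run it against the real file with `audit_autorun(open("E:/autorun.inf", encoding="latin-1").read())`; reading the file is safe, it is executing what it names that is the problem. Note that `shell=` and `shell\<verb>\command` work through Explorer's context menu, not through Autoplay, so disabling Autoplay stops the automatic launch but a double-click on the drive icon still runs the default verb; that is why the advice above is to open the drive from the folder tree until the executable and the autorun.inf are gone.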

 

Amvo0.dll

The security threat posed by amvo0.dll is rated relatively high. A few days ago, when I switched on my home PC, avast! told me that a Trojan/Backdoor called amvo0.dll had been detected in my C:\WINDOWS\system32 folder. I clicked on "Delete Permanently", only to find that it respawned the next time my PC booted: deleting the file alone is not enough, because whatever runs at boot and re-creates it is still in place. I turned to Google. A number of sites offered a number of long procedures to eliminate the trojan, but I was already disgusted and short of patience. Then I chanced upon a link to a page on which a programmer had written a custom VBScript to get rid of the virus. I reluctantly used it and it worked! No more questions! You can download the script here. If you have been infected by amvo0.dll or any of its variants (amvo.exe, avpo.exe, amvo1.dll, avpo0.dll, avpo1.dll), then use this script immediately. Once downloaded, just double-click the downloaded file; if that doesn't work, right-click it and choose "Open With Command Prompt". I recommend that once the script has finished, you restart your computer and run the script again to ensure the complete removal of the virus.

 

Sujin.com.np

To end what was in fact a strange week, I discovered that my IE homepage had been changed to http://sujin.com.np/. I was quite alarmed because I did not recall doing so. The title bar also displayed "Sujin.com.np" instead of the usual "Microsoft Internet Explorer". Thoughts of browser hijacking immediately came to mind, as I also recalled that .np is the country-code domain for Nepal. I was very relieved to find out that the whole thing was just a prank pulled off by a graduate student from Nepal, which had been making the rounds of the Internet for some time. It propagates through flash drives and was not detected by antivirus packages. It modifies the Registry to change the IE homepage and the window title: both live as string values under the Internet Explorer\Main key ("Start Page" and "Window Title"), so that is where to look if you want to confirm the hijack, or its removal, yourself. Once again I located (after searching for some time) an executable that reverses the damage done by sujin.com.np. You can download it here. Just run it and let it do its thing. Everything went back to normal. How convenient, I thought to myself. All in all a good week though…
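
To confirm a hijack of this kind, or check that a cleanup tool really undid it, export the Internet Explorer settings key from regedit (File > Export) and inspect the values rather than trusting the tool. The script below is an added example, not the post's tool and not the prank's own code: it parses a regedit 5.00 export and flags the values a hijacker rewrites. "Start Page" and "Window Title" are the values behind the two symptoms described above; "Default_Page_URL" (the target of IE's "Use Default" button) is my addition to the watch list, not something the post mentions. The export embedded in the script is constructed; only the sujin.com.np URL and title come from the post.

```python
"""Check a regedit export of the Internet Explorer settings key for the
home-page / title-bar hijack described in the post.

Added example, not the post's tool and not the prank's code.  The value
names are the real ones IE reads; the export text below is constructed,
with only the sujin.com.np URL and title taken from the post.
"""
import re

IE_MAIN_KEYS = {
    r"hkey_current_user\software\microsoft\internet explorer\main",
    r"hkey_local_machine\software\microsoft\internet explorer\main",
}
# Values a hijacker rewrites: the home page, the target of the "Use
# Default" button, and the title-bar suffix (normally not present at all).
WATCHED_VALUES = ("Start Page", "Default_Page_URL", "Window Title")

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "name"="string data"   or   "name"=dword:... / hex:...   (also @= for default)
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(?:"((?:[^"\\]|\\.)*)"|(.+))$')


def parse_reg(text):
    """Return {key_path: {value_name: data}} for a 'Windows Registry
    Editor Version 5.00' export.  Only string data is unescaped; other
    types are kept as their raw text (e.g. 'dword:00000001')."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, quoted, other = m.groups()
            # .reg string data escapes backslash and double quote with '\'.
            data = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else other
            result[current][name or "(Default)"] = data
    return result


def find_ie_hijack(reg_text, allowed_home_pages):
    """Return [(key, value_name, data)] for entries that look hijacked."""
    allowed = {u.rstrip("/").lower() for u in allowed_home_pages}
    findings = []
    for key, values in parse_reg(reg_text).items():
        if key.lower() not in IE_MAIN_KEYS:
            continue
        for name in WATCHED_VALUES:
            if name not in values:
                continue
            data = values[name]
            # Any Window Title at all is a customisation; URLs are checked
            # against the pages you actually chose.
            if name == "Window Title" or data.rstrip("/").lower() not in allowed:
                findings.append((key, name, data))
    return findings


# Constructed export of an infected profile (hijack values from the post,
# the Toolbar key is there only as a benign neighbour to exercise the parser).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://sujin.com.np/"
"Window Title"="Sujin.com.np"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Locked"=dword:00000001
"""

if __name__ == "__main__":
    for key, name, data in find_ie_hijack(SAMPLE_REG, ["about:blank"]):
        print(f"{key}\n  {name} = {data!r}")
```

regedit writes exports as UTF-16 with a byte-order mark, so feed a real one in with `find_ie_hijack(open("ie_main.reg", encoding="utf-16").read(), ["about:blank"])`, listing the home page(s) you actually set. Export the same key again after running the cleanup executable: an empty result is the evidence that the homepage and title bar are really back to normal.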
