# amvo.exe & nideiect keeps popping up. Undetectable by antivirus.



## batsD1 (Jan 12, 2008)

Just yesterday I plugged in a friends' USB drive into my laptop and PC and now I can't view my hidden files. Also if I open any of my drives Zone Alarm warns that some proggy called "nideiect.com" is trying to load something called "amvo.exe". If I disallow the program a dialogue pops up saying that some memory address cannot be accessed. Now I cannot open my drives by left or right clicking and have to open from the left pane of explorer. Tried searching the net and most sites say that it is a backdoor/trojan but most of the replies/solutions given are too confusing for me and involve editing the registry which I'm not very comfy with. Can anyone help with a simple easy to understand solution? I am using Avast, AVG antispyware, Spybot S&D with tea timer enabled, and Zone Alarm Pro. OS = Win XP pro. By the way I also ran Sophos Anti Rootkit but it did not detect anything.


----------



## slugger (Jan 12, 2008)

y dont u install a AV and perform a scan with updated definitons

even trial versions of KAV or NOD32 will do d job 4 u


----------



## batsD1 (Jan 12, 2008)

I already have an updated Avast but it doesn't detect.

If I install KAV 0r NOD2 will I have to uninstall Avast?


----------



## slugger (Jan 12, 2008)

not advisable to have 2 reatime AV scanners runnin @ d same time

advisable to uninstall Avast b4 installin KAV


----------



## Pathik (Jan 12, 2008)

Follow this
*www.thejackol.com/2007/09/10/removing-the-ntde1ectcom-and-autoruninf/
For noobs: use PrevX
Btw slugger good to c u back.


----------



## batsD1 (Jan 13, 2008)

Thanks Slugger and Pathik. Checked out the link but am still afraid to edit the registry and use command line coz I don't want to lose my data (5 years worth of work). I have backups but these are 3 months old. If I backup now will the trojan get transferred to my external drives? PrevX seems to be complicated too. I must apologise if I seem overcautious but my data is invaluable.


----------



## Pathik (Jan 13, 2008)

Use the manual method. It is safe.


----------



## Quiz_Master (Jan 13, 2008)

Few months ago I also got infected with it (Same reason as yours..)... Amvo is a Trozen Horse..., It disables your Registry and MSConfig too...

*www.greatis.com/reanimator.zip

It can remove the Trozen I think...

Or else..

1.) Download AD-Aware + SpyBot S&D + Kaspersky...
Install Them,,
1.1) Download this Tool...
*en.sergiwa.com/modules/news/article.php?storyid=2

This will remove all restriction like "You not able to view hidden files."
2.) Boot In Safe Mode...
3.) Delete All Suspected Files... (Amvo.exe, Amvo.dll etc..) 
4.) Run Above Mentioned Softwares..
5.) Clean or Delete every infected file ( Chances are many IMP files are infected now...)
6.) Reboot...

I think u will be safe now..

7.) Get a better Anti-Virus like Kaspersky. 

Edit := You may also want to check this link :=
*www.prevx.com/filenames/1360796256778365074-1644871667/NIDEIECT.COM.html


----------



## batsD1 (Jan 14, 2008)

Thanks for your reply Quiz Master. I DL KAV 7 and tried installing it after uninstalling Avast. But it is now asking me to remove Zone Alarm 7 which I am reluctant to do as it has served me for many years witout any hitches. Also I searched thru the KAV and ZA forums and it seems that KAV is incompatible with almost all of the known firewalls and AVs. SO it looks like its back to the manual option. I would be very grateful if Pathik can guide me step by step thru the process as on the jackol website the trojan under question is "ntde1ect.com" & "avpo.exe" whereas I am infected with "nideiect.com" & "amvo.exe". I am no computer wizard and am trying to save my work so I guess I am truly reluctant to try out something that may go haywire after reading all the horror stories of lost data on the net. Sorry if I am being a pest but I am truly grateful for your support. Thanks a million


----------



## ayush_chh (Jan 15, 2008)

hi!

my PC is also infected with the same trojan.

*problem:*
i cannot see my hidden files, super hidden files and whenever i click on any drive it takes a while to open and opens in a new window (this does not happen when i open DVD drive),sometimes i also get a memory dump error. I checked the task manager and found that whenever i click on any drive, a new process "u.bat" starts for a while and then ends.


i have tried many solutions from the Net but in vain. i have searched my PC and registry both for 'amvo.exe' and 'u.bat' and deleted all the entries related with them.

somebody please help me....

PS: my regedit and msconfig are working fine.


----------



## ayush_chh (Jan 16, 2008)

was trying since morning........... i removed it.........hhoooofff


----------



## kpmsivachand (Jan 16, 2008)

manual deletion is easy


----------



## ayush_chh (Jan 20, 2008)

right^^

i did that manually.


----------

