Nov 29, 2008

Remove ntde1ect or avpo.exe virus

Ntdetect is a system file, a very important file without which your system won't boot. And virus makers used this name to create a virus to confuse people. The virus is named You can see that only difference is the virus has '1' instead of 't'. This virus is also called the avpo.exe virus. In some parts it leaves this name also.

This virus doesn't allow you to see the hidden files as well as double click will not open the drives. It has the files placed in the root of all the drives.

Now to get rid of this you can follow steps here to get back your settings for hidden files and task manager if its disabled.

--- Then go to task manager and end the process explorer.exe

--- Again restart that process by typing explorer.exe in the File --> New task in the task manager window.

--- If your task manager was not disabled then you can follow the two previous steps and download this file reg_ntde1ect instead of doing things manually as given in the link at the start.

--- Just double click on this .reg file and merge it into your registry. This will bring the folder options and other settings back to normal.

--- Now go to Folder Options --> View then select 'Show the hidden files and folders' and also uncheck the value 'Hide protected operating system files'

--- Now to delete the infected files go to the windows explorer and type the drive letter in the address bar like C: instead of opening the drives by double clicking.

--- Now you can see the file and also the autorun.inf files delete these files. Do not delete the ntdetect system file be very careful.

--- Now remove the avpo entry in the startup by going to msconfig from run dialog box.

--- Now go to the windows/system32 folder and search for avpo.exe and avpo0.dll files and delete them.

--- Once again end the process explorer. exe in task manager and restart it as earlier.

--- Restart your system and you are free from the virus.

If you have any difficulties to get rid of it just post here and i will try to help.

No comments:

Post a Comment