Re: avmete.dll - Virus file - cannot remove
On Fri, 21 Dec 2007 12:46:20 -0500, Lynwood Page wrote:
> My virus protection software is telling me that I have a virus file at
> \windows\system32\avmete.dll. The virus protection software will not remove
> it and I can not remove it even when I boot to safe mode. The error message
> just says that it can not be deleted. I am running Windows XP/SP1. Can
> anyone point me in the right direction for how to get this virus file
> deleted ? Many thanks.
"The only way to clean a compromised system is to flatten and rebuild.
That¢s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
If reformatting is not an option for you then
download David H. Lipman's MULTI_AV.EXE from the URL:
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
The web site is in German but the MULTI_AV scanning tool is in English.
Anyway, go down to near of the bottom of the page and you'll see a box
titled "Infos Zum Download - Multi-AV Scanning Tool". You'll see: Download
von www pctipp.ch and the link to download:
>> Multi_AV Scanning Tool 5.01 (679.88KB) -
Once you've clicked this link, it will bring to:
http://www.pctipp.ch/index.cfm?pid=1411&pk=28470.
You will have to wait for a few seconds or so and the 'Download file'
window should appear - just follow the prompts to download Multi_AV.exe
If however the 'Download file' window does not appear don't panic, don't
click, don't do anything, just look for:
Der Download started in wenigen Sekunden automatisch.
Fall nicht, klicken Sie bitte -hier-.
Translated to English:
The download process is going to start in a few seconds.
If not, click -here-.
This should be pretty self-explanatory.
Additional Instructions:
http://pcdid.com/Multi_AV.htm
Ignore the links displayed within this site as they are not valid anymore
and have not yet been updated to current status.
Still no luck? Go to:
http://www.elephantboycomputers.com/page2.html#Removing_Malware
Also:
"Your computer is not up to date with the latest version of Windows XP.
Upgrade to Windows XP Service Pack 2 (SP2) today to help keep your computer
secure (it's free!)."
http://www.microsoft.com/windowsxp/sp2/default.mspx
(do the upgrade to SP2 only after your OS is clean)
Suggested New Year resolution:
1. For day-to-day work/browsing operate as a 'normal' user i.e. utilize the
Limited User Account (LUA) and use the Administrator Account (AC) only
when absolutely necessary.
2. Secure, tighten up your Operating System (OS).
3. Keep your OS and all software on it updated/patched.
4. Reconsider using IE and OE.
5. Don't expose Services to public networks.
6. Use the in-build firewall and if applicable use a router.
7. Do not to use TCP/IP as transport protocol for NetBIOS, SMB and RPC and
leave TCP/UDP ports 135, 137-139 and 445 closed.
8. Routinely practice Safe-Hex.
9. Routinely backup your data.
10.Familiarize yourself with 'flatten' and rebuild your OS.
11.Review your installed 3rd party software applications;
Remove clutter.
Detailed elaborations pertinent to the above mentioned points can be
provided.
Read, comprehend and implement.
Good luck
--
Security is a process not a product.
(Bruce Schneier)