its a worm actually.
if u wanna delete this file pls do the following..
There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:
1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command on all your drives by replacing c:\ with other drives in turn (note: if you have autorun.inf files that you think you need to backup, do so now
del c:\autorun.* /f /a /s /q
7) Go to your Windows\System32 directory by typing cd c:\windows\system32
8) Type dir /a avp*.*
9) If you see any files names avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:
attrib -r -s -h avpo.exe
del avpo.exe
10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.
comment for further queries..
Saturday, October 20, 2007
Saturday, September 8, 2007
tsr programming
tsr-terminate and stay resident programming is a very excellent field where u can learn and explore a lot of intrsing stuff.
a best way to explore ur DOS kingdom..
these programs stay resident in ur memory once they are executd..and can be invoked any time wen u need using some hot keys..
This is achieved by capturing interrupts and adding our own ISRs(Interrupt Service Routines) in the IVT(Interrupt Vector Table)..
Each ISR is addressed by an Integer..There are totally 256 interrupts ranging from 0 to 255..
and v make our program resident using the keep() system call..defined under dos.h
TURBO C has the facility of caputring these interrupts and replacing our own ones..
some of the functions used are getvect(),setvect() ,enable(),disable()..,,etc..defined under "dos.h"
some of the interrupts are 8-timer
0x417-keyboard and many more..
TSR programming is really intrsting wen learnt thoroughly or even if v get a small essence of it..
All virus programs are essentially TSRs but its not the vice versa..
We can use these techniques to wirte out own anti virus programs taking care of our MBR(Master Boot Record) and even tackling file viruses..
I hav written a program which monitors ut MBR and notifies u wen any illegal access is done to tat..this is done by monitoring 0x413 or 0x414
I referred Writing TSRs Through C by Yashwant Kanetkar..
Post ur comments to know more about TSR Programming..
a best way to explore ur DOS kingdom..
these programs stay resident in ur memory once they are executd..and can be invoked any time wen u need using some hot keys..
This is achieved by capturing interrupts and adding our own ISRs(Interrupt Service Routines) in the IVT(Interrupt Vector Table)..
Each ISR is addressed by an Integer..There are totally 256 interrupts ranging from 0 to 255..
and v make our program resident using the keep() system call..defined under dos.h
TURBO C has the facility of caputring these interrupts and replacing our own ones..
some of the functions used are getvect(),setvect() ,enable(),disable()..,,etc..defined under "dos.h"
some of the interrupts are 8-timer
0x417-keyboard and many more..
TSR programming is really intrsting wen learnt thoroughly or even if v get a small essence of it..
All virus programs are essentially TSRs but its not the vice versa..
We can use these techniques to wirte out own anti virus programs taking care of our MBR(Master Boot Record) and even tackling file viruses..
I hav written a program which monitors ut MBR and notifies u wen any illegal access is done to tat..this is done by monitoring 0x413 or 0x414
I referred Writing TSRs Through C by Yashwant Kanetkar..
Post ur comments to know more about TSR Programming..
Subscribe to:
Posts (Atom)