Virus Removal Tips

8/8/2019 Virus Removal Tips

1/10

How to Remove Autorun.inf

Autorun.inf Virus Removal

What is autorun.inf?

Autorun.inf is a setup information file or INF used to install or setup softwares and drivers. This is usually

used and seen on the CD ROM with the Autoplay. The autorun.inf makes the CD ROM will autoplay, it

means this will automatically play or setup upon clicking or play itself or what we called auto

installation. If you can see an autorun.inf in your CD ROM drive, this is normal.

When do we say that Autorun.inf is a Virus?

Some people says autorun.inf is a virus but the reality is not. Autorun.inf was only used by the virus to

execute or install themself by clicking. On the autorun.inf it contains a setup information or a program

setup that will trigger the virus to execute when they are being clicked by the user. This autorun.inf was

usually found in the windows C: or in the removable disk. And it is mostly set to invisible or hidden in the

windows drive or removable drive.

Ok here we go, let start removing the autorun.inf in your system drive.

First you must enable your Folder Options, make your hidden files be visible to your eyes. You can

enable by clicking-left to your My Computer > Tools > Folder Options.

You can follow this configuration when you enable the Folder Option to visible all the hidden files in to

your system drive.

After this, you can now start deleting the autorun.inf into your drive C: or removable drive. And you can

also remove the unknown files like Braviax.exe, Ravmon.exe, Kxvo.exe, Amvo.exe, Bar311.exe,

Svchost.exe or any unknown files that are exist in to the system drive.

How to Remove Kxvo.exe Virus Manually

OK here is another trojan virus again that one of the common problem in our PC is the virus - a

computer's parasite. Your PC performance will become slow and almost hang-up that would turn to

invalid boot-up of your PC. I just want to share it to you again a trojan virus that i've been experience in

my friend's internet cafe shop. This trojan/backdoor virus is almost thesame with the amvo.exe virus

which is very harmful that might your PC shutting down. After I have posted about how to remove

amvo.exe virus manually, some of you used this instructions and it works successfully, and some are not.

Well, in removing the kxvo.exe virus is almost thesame for process of amvo.exe virus. Below you can

check on how to do this, but we need to study first, what is kxvo.exe virus is?

What is kxvo.exe virus?


2/10


3/10


4/10

Go to MSCONFIG by typing msconfig in the RUN. And check the start-up settings and un-checked the

following files ?bar311.exe?, password_viewer.exe, or the ?photos.zip.exe if they exist.

2. Next go to your REGEDIT to edit some registry files that may cause the problems. Go to Run and type

REGEDIT edit the following registry .

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="userinit.exe,bar311.exe" ?> remove ", bar311.exe" only? leave userinit.exe because this is

used by Windows when you log-in?

[HKEY_CURRENT_USER\Software\Microsoft\Windows\

CurrentVersion\Explorer\Advanced]

"Hidden"=dword:00000001

"HideFileExt"=dword:00000000

"ShowSuperHidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]

"autorun"="c:\Windows\pc-off.bat" ?> remove "c:\Windows\pc-off.bat" or delete the autorun key.

3. Press Window + R and place a drive you want to access like this C:, D: and Enter, when accessing the

drives to avoid triggering the autorun? Delete the autorun.inf and password_viewer.exe or bar311.exe if

they exist. And restart your PC now.

You maybe used the step #2 to checked if the bar311.exe if exist on the registry directories.

4. Use this method to delete the following files if you like just open notepad then type this following

syntax below:

@echo off

del /a /f c:\Windows\bar311.exe

del /a /f c:\Windows\password_viewer.exe

del /a /f c:\Windows\photos.zip.exe

del /a /f c:\Windows\pc-off.bat

pause

Then please save this as virusremoval.bat then click to run. This will execute the syntax to remove virus

running into your system.

If you are lazy to do this you can follow and go to this directories location and delete this file manually:

C:\Windows\bar311.exe

C:\Windows\password_viewer.exe


5/10

C:\Windows\photos.zip.exe

C:\Windows\pc-off.bat

And you?re done! Just simply of that you PC is now safe for the bar311.exe virus. You maybe used this

but I always recommend you to used any updated antivirus.

How to Remove Braviax.exe Virus?

After reviewing the braviax.exe virus while ago, I just want to share also on how to remove it into your

system files and folders running. That I know some of our users today are annoying in this kind of virus

running to your system, some anti-spyware advertisement pop-ups, that makes you annoying to your

work jobs.

Ok here we go! Before doing this and following this steps on how to remove braviax.exe, please make

sure to back-up first your computer to avoid system lost and data.

Please note: This manual removal process may be difficult and you run the risk of destroying your

computer..

Step 1: Use File Search Tool to Find braviax.exe

1. Just go to Start > Search > All Files or Folders.

2. In the "All or part of the the file name" section, type in "braviax.exe" file name(s).

3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click

"Search" button.

4. After the windows finishes your search, hover over the "In Folder" of "braviax.exe", highlight the file

and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need

the file path to delete braviax.exe in the following manual removal steps.

Step 2: Use Windows Task Manager to Remove braviax.exe Processes

1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.

2. Click on the "Image Name" button to search for "braviax.exe" process by name.

3. Select the "braviax.exe" process and click on the "End Process" button to kill it.

Step 3: Detect and Delete Other braviax.exe Files

1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.

2. Type in "dir /A name_of_the_folder" (for example, C:\my-folder), which will display the folder's

content even the hidden files.

3. To change directory, type in "cd my_folder".

4. Once you have the file you're looking for type in del "my_file".

5. To delete a file in folder, type in "del my_file".


6/10

6. To delete the entire folder, type in "rmdir /S my_folder".

7. Select the "braviax.exe" process and click on the "End Process" button to kill it.

Good luck to everyone, and hope this instructions might help you to remove the virus on your computer.

I will be waiting for your great feedback, comments, and suggestions regarding this issue by leaving your

message in the comment box.

What is Braviax.exe Virus?

Braviax.exe Virus Information

Virus Name: Braviax.exe

Known as: Trojan.Virantix.C, TROJ_RENOS.ADT

Command Location: C:\Windows\System32\braviax.exe

Some of the antiviruses detect as a Trojan.Virantix.C Trojan that starts automatically into Run, RunOnce,

RunServices, or RunServicesOnce entry in the registry. This Trojan displays fake a security alerts in your

Windows taskbar that advertises rogue anti-spyware products.

This braviax.exe virus is also create, copies, and deletes some files and folders like autoexec.bat and

create a file like c:\windows\system32\univrs32.dat into your systems

Some braviax.exe virus behavior:

* Created as a process on disk

* Executed as a Process

* Has code inserted into its Virtual Memory space by other programs

* Added as a Registry auto start to load Program on Boot up

* Terminated as a Process

* Registered as a Dynamic Link Library File

It also uses some filename aliases that running into your PC like a system files, like shown on the list

below:

* UNYIHYV.TMP

* GQRMSIT.TMP

* 24234393.DAT

* 95164862.DAT

* 31018098.SVD


7/10

* 36346119.DAT

* 29434265.SVD

* 27044453.SVD

* 57134588.DAT

* BEHAVIAX.EXE

* 56846728.EXE

* BRAVIAX.EX_

* 63594485.EXE

* 16782586.SVD

* 37741952.EXE

If you are having this kind of virus into your computer, please scan your PC immediately and remove this

trojan viruses the might get harm your systems files and data store on your computer.

You may also use this step on how to remove braviax.exe virus? that would help you on this problems,

just try and follow some instructions. on how to remove it.

How to Remove SCVHOST.EXE, SVCHOST.EXE Virus Manually

This are the following tips on how to remove the SCVHOST.EXE virus/worm. Firstly we must know what

is SCVHOST.EXE is.

What is SCVHOST.EXE?

In some antivirus they are detected as W32/YahLover.Worm.gen from McAfee Antivirus and

Win32/Autorun.R.worm from NOD32.

This virus will installs itself into your PC by using its INF file autorun.inf. The Autorun.inf file has an

scripts that will trigger to execute the SCVHOST.EXE. Mostly in a removable disk is this occurred as you

noticed that there is an Autoplay instead of Open. Once you double click the drive or removable disk,

the autorun.inf run its scripts that this will trigger to execute the SCVHOST.EXE and spreading itself unto

your system. It also copies itself through all your shared folders directories and on your computers

throughout the network and run itself in the registry entries remotely using a GUEST account (through

System:Remote).

Symptoms:

* When pressing Ctrl+Alt+Del it blocks to launch the Task Manager

* It blocks the Registry Editor.

* When you try to go to the command prompt CMD, it will restarts the computer.

* The shared folders will duplicates itself to different locations of. The duplicated virus uses a FOLDER

icon with an .exe file extension. The configuration of your Yahoo Messenger has been changed.


8/10

How to Remove It

OK here we go, you must follow this step on how to remove this virus in manually method:

* Restart your PC and press F8 and select the option Safe Mode Command Prompt Only

* And after you log-in the command prompt you must log-in as Administrator.

* Type cd C:\windows\system32

* Type dir /ah, to display all hidden files on this directory folder. You will see the following files which is

used by the virus to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE

* Type ATTRIB -H -R -S SCVHOST.EXE

* Type ATTRIB -H -R -S BLASTCLNNN.EXE

* Type ATTRIB -H -R -S AUTORUN.INI

* Type DEL SCVHOST.EXE

* Type DEL BLASTCLNNNN.EXE

* Type DEL AUTORUN.INI

* Type CD\

* Type ATTRIB -H -R -S AUTORUN.INF

* Type DEL AUTORUN.INF

You are almost done, reboot your PC you may seat back and relax.. while loading...

Go Start Menu and click the Run and type the REGEDIT command. Take note guys before make any

changes into your Registry Editor you must make a full back-up to your registry to avoid system errors.

Look the location entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run, if you see an entry Yahoo!

Messengger (it?s spelled like this) with a value c:\windows\system32\scvhost.exe, Delete this entry.

Look the location entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, in the entry

named: SHELL, a value = Explorer.exe,SCVHOST.EXE. Edit this value, delete the SCVHOST.EXE only and

the value must be Explorer.exe. Once you delete all this value, your computer will not login anymore.

OK we are now done.. Please Restart your PC now and Enjoy!!! Thank you and hope this tips will help for

everyone..Just post your comments about this problem.


9/10

How to Remove the Amvo.exe Virus Manually

First of all you we must know what is the amvo.exe is? what the symptoms when we have amvo.exe in

our PC and how to remove it manually without using any software. Ok here we go!

What is Amvo.exe?

* Amvo.exe is Trojan/Backdoor

Symptoms

* Folder Option is not working - you cannot enable the Folder Option or show the hidden files running

into you computer.

* Hidden file problem

* Always open new windows in all drives

* Error occur of the memory reference (Low Disk Space)

How to solve this?

This is the solution on how to remove the amvo.exe and to fix the folder option problem. Just follow this

steps:

1. Uncheck amvo.exe from msconfig>> startup (type msconfig in run and click on the startup tab) also

and restart your system

1. Click Start > Run and type REGEDIT

2. Go to HKEY_CURRENT_USER > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer >

Advanced

3. On the right side, double click the hidden value and give it a value of 1.

4. Same for HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer >

Advanced > Folder > Hidden > SHOW ALL Change the value of Checked Value to 1.

5. Check if your Folder Option if its working now. If it works! OK you are now ready to delete the

Amvo.exe virus now.

Go to your Folder Option and enable the show all the hidden files and you remove the following files if

they are exist in the exact location or directory:

c:\autorun.inf

c:\u.bat

c:\amvo.exe

c:\awda2.exe

c:\d.com


10/10

c:\mvo.dll

c:\amvo1.dll

c:\windows\system32\ amvo.exe

c:\windows\system32\ awda2.exe

c:\windows\system32\ d.com

c:\windows\system32\ mvo.dll

c:\windows\system32\ amvo1.dll

c:\windows\system32\u.bat

Lastly go to Run and type cmd then type regedit, press Ctrl + F to find the files amvo.exe and delete it.

After that, reboot your PC. OK that's it. Guys please your comments if your PC is working now for using

this procedure..

Documents

Virus Removal Tips