10 September 2007

Removing the ntde1ect.com and autorun.inf files

Posted by Mikhail Esteves under: Tips; Windows.

There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:

1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command on all your drives, replacing c:\ with each of your other drives in turn (note: if you have autorun.inf files that you think you need to back up, do so now):

del c:\autorun.* /f /a /s /q

7) Go to your Windows\System32 directory by typing cd c:\windows\system32
8) Type dir /a avp*.*
9) If you see any files named avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them (shown here for avpo.exe; repeat with each file name you found):

attrib -r -s -h avpo.exe
del avpo.exe

10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.
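
Before running the del command in step 6, it helps to see what each autorun.inf would actually launch. The following is an added example, not part of the original post: a read-only Python check that parses the launch entries of an autorun.inf and separates the file names mentioned on this page from anything else. The sample file contents and all function names are constructed for illustration.

```python
import os
import re
import string

KNOWN_BAD = {"ntde1ect.com", "avpo.exe", "avp0.exe", "avp0.dll", "amvo.exe"}  # names from this page
# autorun.inf keys that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Constructed sample, not a file recovered from an infected drive.
SAMPLE = """[AutoRun]
open=ntde1ect.com
;shell entries change what double-clicking the drive does
shell\\open\\Command=ntde1ect.com
shell\\explore\\Command="tools\\setup helper.exe" /s
"""

def program_name(value):
    """Reduce a command line to its lower-cased file name."""
    value = value.strip()
    # A quoted path may contain spaces; otherwise stop at the first space.
    first = value[1:].split('"', 1)[0] if value.startswith('"') else (value.split() or [""])[0]
    return first.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def launch_targets(text):
    """Return (key, file name) pairs for launch entries in [autorun]."""
    found, in_autorun = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and LAUNCH_KEY.match(key.strip()):
            found.append((key.strip().lower(), program_name(value)))
    return found

def audit(text):
    """Split targets into names listed on this page and others to review."""
    names = {name for _, name in launch_targets(text) if name}
    return sorted(names & KNOWN_BAD), sorted(names - KNOWN_BAD)

def scan_drives():
    """Read-only check of every drive root; nothing is deleted."""
    report = {}
    for path in (letter + ":\\autorun.inf" for letter in string.ascii_uppercase):
        if os.path.isfile(path):  # a folder named autorun.inf is skipped
            with open(path, errors="replace") as fh:
                report[path] = audit(fh.read())
    return report

if __name__ == "__main__":
    print(audit(SAMPLE), scan_drives())
```

Names in the second list are not necessarily malicious (legitimate installers use autorun.inf too); they are the ones to look up before deleting anything.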



55 Comments so far...

Sher Says:

11 September 2007 at 6:47 am.

Thanks for the tip! I had these very files on my mobile hard disk, and it gave me a very hard time trying to even read the disk when I inserted it into my computer. Now it’s all solved!

ANONYMIZEz Says:

11 September 2007 at 12:29 pm.

I did it, I removed it, thank you.
But you should disable the system restore feature and empty the recycle bin before you start, and delete all ntde1ect.com from all hard and removable drives.

avinashsonee Says:

12 September 2007 at 5:08 am.

Hey,
Wonderful tip!! A million thanks to you. I had been searching for a solution to this problem for a few days. Thanks a lot again. And your site rocks, man!! Good articles.

avinashsonee@gmail.com

Steve Says:

13 September 2007 at 1:28 am.

Thanks for the help.

c.govardhan Says:

13 September 2007 at 12:46 pm.

sir,
When I delete/close the explorer.exe application, all the icons that are present on the desktop go missing and I am not able to run any program.

Jordy Says:

13 September 2007 at 2:52 pm.

Doesn’t work :S

If I reboot and put my USB stick in, it’s back..

Mikhail Esteves Says:

13 September 2007 at 5:43 pm.

@Govardhan: Yes, that is supposed to happen. You can run an application by using the Task Manager (press ctrl-alt-del). The Run command is in the File menu of the Task Manager.

@Jordy: Go to the DOS Command prompt, navigate to your USB drive, and type

dir /a

You will see a few hidden files. Do this for each of them:

attrib -r -s -h FILENAME.EXE
del FILENAME.EXE

Then go ahead and remove ntde1ect.com

Amani Says:

13 September 2007 at 6:20 pm.

Yo dude……you rock!

HBH Says:

13 September 2007 at 7:52 pm.

del /ar /ah /as filename.txt does fine

sonoo Says:

14 September 2007 at 5:06 pm.

Thanks a lot, this thing is working very fine.
I did it on my computer and now I am able to open my c:, d: and E: drives.
Thanks once again.

Jp Says:

16 September 2007 at 2:51 pm.

Am I missing some part?
Though I already have nt1ect.com removed from my c drive,
when I try to open it, it pops up the ‘open with..’ window selection box.

Jp Says:

16 September 2007 at 6:08 pm.

I did remove the ntde1ect.com from my c drive but I still can’t open the c drive.
Once pressed, it pops up the ‘open with’ window.

manik Says:

17 September 2007 at 3:32 pm.

Simply, what I wanna say is thanks. It helped me a lot.

Devashish Pradhan Says:

18 September 2007 at 2:03 am.

Hey,
Wonderful tip!! A million thanks to you. I had been searching for a solution to this problem for a few days. Thanks a lot again.

I did it on my computer and now I am able to open my C:\ and D:\ drives.
Thanks once again.

And your site rocks, man!! Good articles.

Devashish

Nihad Says:

20 September 2007 at 2:49 am.

Thanks a lot, this was very helpful, you are wonderful….. this fixed my problem. Keep in progress.

Nihad

junius7 Says:

20 September 2007 at 9:21 am.

Wow thanks for the wonderful tip!!! Really thanks.
I was having this problem since around 1st week of September and I finally found a solution to it.

If only I could thank you in person.

TaoDuong Says:

20 September 2007 at 7:25 pm.

Thanks so much for your help. My comp. works so well now.

Gokte Says:

22 September 2007 at 8:56 am.

Thanks a million. How come antivirus software does not remove this virus and it has to be removed manually? Anyway, your removal instructions were very helpful and I got rid of a very annoying problem.

I formatted C drive twice but I had no clue that this virus resides in other drives too and comes back again and again. Make sure to clean all the drives.

Thanks again.

The guy who gives respect when due Says:

22 September 2007 at 1:05 pm.

Thanks a lot, I didn’t know where the Hacktool.Rootkit worm was but now I know.

Thanks

Thomas Says:

23 September 2007 at 11:52 am.

Great. It worked. Without any doubts. The steps were clear. Thanks a lot.

crony_mk Says:

24 September 2007 at 3:11 am.

Thanks man!! This trojan was driving me crazy, but thanks to the post I was able to fix it… well, it’s appreciated, friend =)

Regards!!

LOPAMUDRA Says:

28 September 2007 at 12:59 pm.

A LOTS & LOTS OF THANKS

Phuthang Says:

30 September 2007 at 4:02 am.

Man I removed it, a big thanks to you dude. We need more people like you.
Oh, and to Jordy: first back up the stuff on your USB, then format it, and after that do the whole process of removing ntde1ect.com. This way you will not have problems with it coming back. This is the easiest way to do it.

Joske Punk Says:

30 September 2007 at 4:16 pm.

Thanks for help !

carlos Says:

1 October 2007 at 6:17 am.

My girlfriend’s laptop had this problem.. tomorrow I’m fixing it.. YOU ROCK, dude!!! Where the hell did this trojan come from, anyway?

Alvaro Says:

1 October 2007 at 9:01 am.

Hurray! Appreciate it a lot!! I spent hours on this.

Braam Says:

1 October 2007 at 4:33 pm.

Hey, thanks so much!

My ZoneAlarm antivirus picked up this trojan and deleted it, but that was not enough to fix the problem. Thank you very much, this was extremely helpful. You’re a star.

Mysterious Says:

6 October 2007 at 11:01 am.

What can I say …!!

THANX a LOT MAAAAAAAAAAAN :)

Jane Says:

11 October 2007 at 11:00 am.

works like a charm… thanks!

Parthiban Says:

11 October 2007 at 9:15 pm.

Thanks for giving the good miracle idea.

Now my system is clear of this type of virus.

I very much appreciate your idea.

Thanks a lot

Thank you

Lord Puza Says:

12 October 2007 at 4:09 pm.

Be careful with the del syntax, as it can wipe your system with stupidity! (like what I did)

I entered “del_c:/autorun.inf */f/s/a/q”

where _ = space

now i figured out what went wrong

the syntax should be

del c:\autorun.* /f /a /s /q

where * = means “all”

the correct syntax means that all files named autorun, whatever their extension is, must be deleted

with my incorrect syntax I stated: delete the autorun.inf and * (all) files I have

so I lost all my files including my thesis without backup

only to find out that the recent nod32 can kill this virus

anyways, thanks for this guide, as I learned a bitter lesson and this guide improved my understanding of DOS.

thanks man, and guys out there please READ more carefully !!!

Sandy Says:

13 October 2007 at 4:33 am.

You rock dude..
It worked.. all well,
except I could not find the avpo file in the registry, or maybe it was not there.
But I deleted a lot of entries of ntde1ect.com in it.
Thanks a ton dude..
Really thanks..

Luis Eduardo Says:

14 October 2007 at 2:14 am.

Wow. You’re burning!!!!!

Thanks a lot : )

Ricardo Vargas Says:

16 October 2007 at 3:31 am.

Thank you very much. You gave us a big help that the big corporations we paid for antivirus software don’t give us. Thanks again.

René Says:

22 October 2007 at 8:24 pm.

Thanks a lot!!!!!

I caught this bastard in Vietnam or Indonesia and could not open my external drive with very important files. With the help of your comprehensible instructions I was able to solve this problem and to kill the bastard (and I’m not a computer expert).

Many many thanks – we need more like you !!!!

Luisf Says:

23 October 2007 at 7:04 pm.

Thank you very much for this fine guide. It is a life saver.

Sergey Says:

25 October 2007 at 9:09 am.

I found a topic where it is described how to unhide the hidden files.
Here it is!
1. Click “Start” -> “Run…” (or press Windows key + R)

2. Type “regedit” and click “Ok”.

3. Find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

4. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.

5. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.

6. The “Show hidden files & folders” check box should now work normally. Enjoy!

JS and MC Says:

29 October 2007 at 5:23 am.

Thank you so much!

Not only did you give us, my girlfriend and me, the solution to ntde1ect, but you gave us the chance to use our knowledge of old DOS commands!

You are great.

JS and MC

Dinesh Bhagtani Says:

29 October 2007 at 1:05 pm.

Thanks for giving the good miracle idea.

Now my system is clear of this type of virus.

I very much appreciate your idea.

Thanks a lot

Thank you

anas Says:

6 November 2007 at 8:55 pm.

Hi Sergey,
you guys rock,
the registry key worked for me, now I can see the hidden files and file extensions.
I’d been told to look in the Hkey_current_user or whatever, it didn’t work.
Now I’m fiiiiine
Thanks

Moritz Says:

17 November 2007 at 5:34 am.

Thanks, great how-to!
Seems to have worked for me, although I think it would be nice to point out that people should in general disable autorun on their machines – otherwise they’ll just get re-infected the next time they plug in an infected usb-drive. I’d recommend Microsoft’s TweakUI PowerToy (free download – google it).

@Sergey: Thanks a lot for that reg-value, too! It was really annoying that windows just seemed to ignore whether you clicked “show hidden files” or not.

Thanks!

dros Says:

20 November 2007 at 10:15 pm.

Thanks for the tip!

@Sergey » THANKS A LOT!! I was missing that part, and not being able to see the hidden files was driving me crazy!

Thanks everybody for helping stop these stupid trojans/viruses/…

FurSid Says:

23 November 2007 at 10:49 am.

Is there a utility or a script that can do it for me automatically? I need to fix this virus on 25 systems on my network :( It’ll take long if done manually… :s

Mikhail Esteves Says:

23 November 2007 at 5:30 pm.

@FurSid: I am not aware of a utility/script that does this automatically but it should be pretty simple to make one. I don’t have the time right now so can’t help you out here…

pshy0 Says:

26 November 2007 at 8:54 pm.

Thanks a lot man

But it would be appropriate if we add a “/p” attribute to del command…… as it will ask for confirmation to delete file and we would be able to keep the files which are known to us…

Tuneega Says:

1 December 2007 at 3:20 am.

Man !! you rock :)

this was such a good tutorial and it solved the problem

straightforward

I was so frightened when my research computer had this problem and I was worried that all data might get lost

now i am one happy person :)

velvet Says:

16 December 2007 at 3:17 pm.

wow thank you so much! i got this worm from my friend’s usb stick and now my pc is autorun.inf-free.. free!! freeeee!!

hahaha…

mwah! xoxo

Kannadas Says:

18 December 2007 at 9:31 pm.

Really great!!!!!!!……. I’m able to remove it thoroughly and I was able to do it on 13 PCs having this annoying issue….. thanks….. I wish this team great success

Anonymous Says:

14 January 2008 at 12:14 pm.

You can simply create a folder named “autorun.inf” on your flash stick and you will be protected against this type of trojan forever!

Reza Says:

14 January 2008 at 9:24 pm.

Thanks a lot dude!

I don’t even know how to thank you for this help… may god bless you…!

Regards
A friend of yours

ishtiyaq Says:

16 January 2008 at 5:18 am.

What a good, easy to navigate, user friendly solution this is! I like it ..

GOD BLESS YOU

clark Says:

19 January 2008 at 12:50 am.

Damn!!!!!!!!! Thanks dude!!!!!!!!! That’s greaaaaaaaaatttttttttt, love you dude, that’s way too cool. Couldn’t access my external HD at all on XP……. with Vista it was a bit annoying but I could access it… and thanks a lot, got to remove it on my girlfriend’s laptop tomorrow……. that’s waaayy too cool, thanks again

Sudhir Rana Says:

24 January 2008 at 6:26 pm.

Hello friend… you are superb….. It was the most difficult virus problem which I faced… I did everything to remove it… but….. I got tired of doing all the things…. then I read this excellent solution by you… I wonder why no antivirus did that… anyway, I had this problem at my home and in my office also….. right now I have solved it at my office… I am happy… going home to kill that…. Thanks a million….

pete Says:

13 February 2008 at 6:55 pm.

Thanks Mike!!! It really works. Been coping with the virus for nearly a year now; following your suggestions removed the last smell of it. Still wonder why 3 different top-rated antivirus programs couldn’t fix it.
Great work

DunxD Says:

15 April 2008 at 10:00 pm.

You might also find amvo.exe in place of avpo.exe – and possibly a multitude of other names. Probably worth looking at all the Run entries in the registry and searching against the file names in Google to see if they are viruses.
