Showing results for 
Search instead for 
Did you mean: 

New Win32/Poly win32


Hello. I am having great difficulty in removing new win32 and polywin32 from my computer.
Its Windows Xp.

I turned on the computer in safe mode and ran mcafee scan. It detects virus but it cannot clean it.

I also used Malwarebytes and the log is there.
Now I cannot open anything on my computer other than firefox. If i try to open any of the drives computer restarts itself. Please help

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2

2/17/2009 12:37:04 PM
mbam-log-2009-02-17 (12-37-04).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 194751
Time elapsed: 1 hour(s), 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Sonal!!G\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98FF3C12-5E4D-4C94-9B1E-6F1589E5E16C}\RP477\A0087346.exe (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
3 Replies

RE: New Win32/Poly win32


Please try the below steps:

Open Internet Explorer > Click on Tools> Click on Internet options > Delete the temporary Internet files.

Click on the below link and follow the steps to perform the scan in DOS mode.

Kindly revert back to us if you need more help

RE: New Win32/Poly win32

While trying to follow the step:

# Type CD\ and press Enter. You should now be at a C:\ prompt.
# Type SDATXXXX.EXE /E C:\SDAT and press Enter. (Note: The 'x's should be replaced with the appropriate numbers of the file that was downloaded above.) This will create an SDAT folder on the C:\ drive, and extract the SDAT files to this folder.

I get the following error

SDStbRes.dll: The specific module could not be found.

RE: New Win32/Poly win32


This command is used to extract the SuperDAT file. So make sure you have the SuperDAT file in the C:\ drive
Open Local disk c:\ if you don’t have then try to reinstall the file again from Then try to follow the steps in the FAQ ID
Let me know if its works