Computer Virus Help Needed

johno2004

Senior Member
Joined
Dec 7, 2007
Messages
644
Reaction score
0
Your Mercedes
SLK32 AMG
Hi,

I have come across a virus called win32/cryptor on my works computer.

What a pig of virus, cannot get rid for the life of me.

AVG will detect it but not get rid, i have looked it up on internet and its a real problem to get rid of.

Has anyone come across it and successfully got rid of it from computer.

Please help if you know of a program that will delete it !!!!

Thanks
 

SQ_W211

Active Senior Members
Joined
Jul 12, 2008
Messages
2,139
Reaction score
0
Location
UK
Your Mercedes
W219 CLS55 AMG
I have no experience with that virus but be sure to give the below antivirus a try

http://www.cloudantivirus.com/


Its free and works absolutely brilliantly, I have removed my Symantac to install this fab software. It has worked brilliantly with no Obsurd warnings. It just does the job in the back ground and tells you to reboot if it has removed any Virus.
 

Miffy

Senior Member
Joined
Sep 6, 2008
Messages
7,356
Reaction score
4
Location
Bromley, London
Your Mercedes
CLK 320 CAB Elegance C208
Hi,

I have come across a virus called win32/cryptor on my works computer.

What a pig of virus, cannot get rid for the life of me.

AVG will detect it but not get rid, i have looked it up on internet and its a real problem to get rid of.

Has anyone come across it and successfully got rid of it from computer.

Please help if you know of a program that will delete it !!!!

Thanks


try this

http://www.411-spyware.com/remove-win32-cryptor
 

SQ_W211

Active Senior Members
Joined
Jul 12, 2008
Messages
2,139
Reaction score
0
Location
UK
Your Mercedes
W219 CLS55 AMG
Good ol google.......................
 
OP
J

johno2004

Senior Member
Joined
Dec 7, 2007
Messages
644
Reaction score
0
Your Mercedes
SLK32 AMG
  • Thread Starter
  • Thread starter
  • #7
thanks for replys guys, one thing i forgot was that this nasty f*cker will not allow the instalation of anti virus software so i will try the links and see if i can rename the exe file and see if it would load.

Hense why i asked if anyone had come across it and successfully deleted.

Thanks
 

SQ_W211

Active Senior Members
Joined
Jul 12, 2008
Messages
2,139
Reaction score
0
Location
UK
Your Mercedes
W219 CLS55 AMG
Johno, Its not always easy to remove these trojans manually as they usualy sit in the directories and take alot of fiddling to get rid of properly. Sometimes removing these trojans can result in other softwares not working properly.

Good luck anyway
 

SQ_W211

Active Senior Members
Joined
Jul 12, 2008
Messages
2,139
Reaction score
0
Location
UK
Your Mercedes
W219 CLS55 AMG
thanks for replys guys, one thing i forgot was that this nasty f*cker will not allow the instalation of anti virus software so i will try the links and see if i can rename the exe file and see if it would load.

Hense why i asked if anyone had come across it and successfully deleted.

Thanks

try to download the installer file on another pc for that anti virus and run your PC in safemode it may allow you to install the software.
 

stripe

Senior Member
Joined
May 13, 2009
Messages
139
Reaction score
0
Your Mercedes
E320cdi Brabus D6
Format your hard drive.

jib

Nearly 20 years of experience and this is by far the best way to get rid of any virus and ensure that your PC is as clean as a whistle.

The time it takes faffing about with running different AV products, you are much faster rebuilding.

Partition the drive in to at least 2, using 1 for the OS and the other for data, so if the worst happens again you have your data intact. Once you have rebuilt and you are happy with it, "ghost" it so you can recover very quickly again.
 

Rappey69

Senior Member
Joined
Dec 29, 2008
Messages
1,893
Reaction score
388
Location
hants
Your Mercedes
c220 w204 amg sport
For real nastys such things as hijackthis and malwarebytes anti-malware are good as they run from desktop to avoid the not being able to install issue.
Hijack this will get rid of most things but you have to be very carefull using it as you could kill your pc !
hijack this is free and you can paste the very fast scan for a analysis on
http://www.hijackthis.de/
spywaredoctor is a very good programme that has detected "nastys" that norton,avast and all the other top anti viruses did not but you have to pay for it.
here is how to manually remove it, and at the bottom they recommend spywaredoctor to auto remove it !
http://www.411-spyware.com/remove-win32-cryptor
 

S.Speed

Senior Member
Joined
Apr 12, 2009
Messages
5,063
Reaction score
9
Location
Lancashire
Your Mercedes
Saab 9-3
I totally agree about "Ghosting" your C: drive.. I have always done this by default to a second (or 3rd) hard drive on my PC. I also Ghost to a removeable hard drive and re do that every 3 months or so..
Lastly I even have a ghost copy on DVD.
Also I totally agree about keeping all Data / Photos / Music / e-mail storage / My docs etc on a seperate partition..
This practice has saved my bacon many times over the years.

I have built around 20 PC's for friends, family and work etc and always do the multiple partition by default.

Incidentally some viruses are smart enough to clobber the system restore files in such a way that they can re load themselves when you restore..

Ghost rules in my opinion..

It used to be Norton Ghost (mine still is) but I think its now owned by Symantec.
 

124coupe

Senior Member
Joined
May 7, 2006
Messages
532
Reaction score
2
Bit of a strange one to "catch" now....was prevalent over 6 months ago but all the "proper" AVs with updated defintions should prevent it now!

We had a few hit by this; ComboFix will whack it automatically - from here http://download.bleepingcomputer.com/sUBs/ComboFix.exe - NOT from the spoof sites that "sell" you it.....

Process:

Download from the link BUT "save as" to your Desktop as a different name (or the virus will prevent it running) - e.g xxxxx.exe

Disable scanning in your AV software

Run the renamed ComboFix file, following all the prompts (including giving permission for at least one reboot).

When all complete, save the log file and then re-enable your AV protection.

If (very unlikely) its still not gone, we can talk via PM re the log from ComboFix...

Then sort out the hole that let it in(!):

Latest Microsoft Update (to include all Office fixes)

Proper AV software, up to date

Updated apps - Adobe reader, Java, Flash, Quicktime etc etc (just run through them all looking for old, unpatched stuff)

Keep off the porn sites :) and don't reply "yes" if prompted to install a codec to "improve your viewing experience".

I would also run a second, commercial one-time scan (Kaspersky or Trend) as a belt and braces before moving on....
 

turbopete

Senior Member
Joined
Feb 4, 2009
Messages
14,204
Reaction score
328
Age
46
Location
Spennymoor
Your Mercedes
2010 '60' Ford Mondeo 2.0TDCi Zetec (sorry)
i had a win32 virus. commonest virus going apparrently, in many formats. i was told to go to sophos to find a cure. never seen it since!
 
OP
J

johno2004

Senior Member
Joined
Dec 7, 2007
Messages
644
Reaction score
0
Your Mercedes
SLK32 AMG
  • Thread Starter
  • Thread starter
  • #17
Thanks for all the replys.

Have got rid of it now i used sophos rootkit first then installed Malwarebytes under a different name and then scaned the computer and it found a few different trogens and deleted them all. I think the win32/cryptor became active while the scan was being performed as AVG resident shield picked it up during the scan and sapped it, yet the avg antivirus would not delete it.

Anyway all sorted and have scanned it for last two days and all clear.

The virus also deletes all your computer restore points so that does not work either

If only the demented clever souls that write these virus's put there talent to good use they would probally be rich and create someting useful to the world.
 

124coupe

Senior Member
Joined
May 7, 2006
Messages
532
Reaction score
2
Are you not a bit concerned that AVG let all that stuff through? (and, presumably will do so again).

(sits back to await the torrent of abuse that comes with daring to criticise AVG).
 
OP
J

johno2004

Senior Member
Joined
Dec 7, 2007
Messages
644
Reaction score
0
Your Mercedes
SLK32 AMG
  • Thread Starter
  • Thread starter
  • #19
Yeh was conserned so have changed all the antivirus software on the computers to Mcaffe. Thing is though the AVG was there premium package not the free download so was a bit miffed.

Not sure how it got there though because the Lady operator on that pc does not go online surfing, so i suspect someone else has been on it when she's not in the office. so a memo gone round warning that unauthorized surfing not allowed.
 

merc convert

Senior Member
Joined
Jun 7, 2006
Messages
83
Reaction score
0
Location
Yorkshire, England
When I have had problems like this use an alternative browser to internet explorer ie: Firefox it has always allowed me to download addition anti virus or software,
 

Use the code MERCEDES and get 10% MBO Club Discount, oilman's website:www.opieoils.co.uk

register for news and offers email:sales@opieoils.co.ukphone: 01209 202944
Top Bottom