Win32/Cryptor Virus Is There Any Hope ?


Post by elohem78 on 7th July 2009, 3:30 am

Hello everyone, and thank you for being the light in the dark with my current issue. I feel as if I've come to the right place. A couple of days ago I opened an email and was infected with the win32/cryptor virus. I have read the other posts and see that, depending on what files or part of your computer is infected, the removal of the virus could be different. I have AVG, and the Resident Shield alert keeps popping up to notify me of the virus. It has also disabled my Windows Security Center and I can turn it back on, and I am also getting the message that my laptop has no restore points created. AVG won't remove it; I keep getting an "interruption by user" message. This thing has been a nightmare for me; I have a real peeve about my electronics and this is like a thorn in my back. I have downloaded maleware megabytes (I think that's the name of it), but that didn't work so I deleted it. I have downloaded Spyware Doctor and that does not seem to work. I am at my wits' end on this issue and hope someone can offer me some solid resolve. This is the file in my email that gave me the virus:

<Link removed - Doctor Inferno>

Thank You


Last edited by Doctor Inferno on 7th July 2009, 7:50 am; edited 3 times in total


Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Doctor Inferno on 7th July 2009, 7:50 am

Hello,

Please read this: [You must be registered and logged in to see this link.]

And post your HijackThis log here.



here is the results of the scan from hijackthis

Post by elohem78 on 8th July 2009, 4:57 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:36 AM, on 7/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kyle\Downloads\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

--
End of file - 10724 bytes

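Added example, not part of the original thread and not code from HijackThis or the helpers: a small Python triage pass over the HijackThis log format posted above, run on a few lines excerpted from that log. The rule names and the table of expected system-process locations are assumptions made for illustration; a flagged entry is a lead to review, not a verdict.

```python
import ntpath
import re

# Excerpt constructed from the HijackThis log posted above (a few lines only).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Users\Kyle\Downloads\winlogon.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Assumption: Windows is installed in C:\Windows, as in the log above.
# Names of core Windows processes and the only directory they normally run from.
SYSTEM_HOMES = {
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# HijackThis entries look like "O23 - Service: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
    return processes, entries


def triage(text):
    """Return de-duplicated (rule, detail) leads in log order."""
    processes, entries = parse_log(text)
    findings = []

    def add(rule, detail):
        if (rule, detail) not in findings:
            findings.append((rule, detail))

    # Rule 1: a process that borrows a system binary's name but runs elsewhere.
    for path in processes:
        home = SYSTEM_HOMES.get(ntpath.basename(path).lower())
        if home and ntpath.dirname(path).lower() != home:
            add("system-name-outside-system-dir", path)

    for code, body in entries:
        # Rule 2: HijackThis itself marks Winsock LSP files it does not recognise.
        if code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            add("unknown-winsock-lsp", body.split(":", 1)[1].strip())
        # Rule 3: service binary without a company name in its file metadata.
        # Often legitimate vendor software, so this is the weakest lead.
        elif code == "O23" and " - Unknown owner - " in body:
            add("service-unknown-owner", body.rsplit(" - ", 1)[1])
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:32} {detail}")
```
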

Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 8th July 2009, 2:11 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 8th July 2009, 2:22 pm

Thanks for the info, Belahzur, but as I've stated above I have already tried that method and it didn't work.


Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 8th July 2009, 2:26 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (AVG8)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 8th July 2009, 11:46 pm

OK, I have done the above and have gotten a restrictions notice when I try to open combo fix, saying "This operation has been cancelled due to restrictions in effect on this computer. Please contact your administrator."




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Origin on 9th July 2009, 12:41 am

Hello, it seems you aren't a computer administrator thus you can't run any tools, please contact your system administrator so we can continue with the cleaning.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 12:51 am

It's my laptop and I am the administrator. I am the only one using it and who has access. It just started saying that message right after I turned off the Resident Shield on the AVG, which was recommended before running Combofix, so what should I do?




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 1:00 am

I am restarting the laptop now.




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 1:03 am

OK, I have restarted and am ready to continue the cleaning.
What should I do now?
And thank you all for being so patient with me.




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 9th July 2009, 1:07 am

Hello.
Is the account you were using a personal account that didn't have full administrator rights? Even if the laptop is yours, in XP there's usually a hidden administrator account (it can only be seen from safe mode or the advanced logon menu box), then your personal account.

Try running Combofix again.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 1:15 am

Should I be doing all of this in safe mode?
And I am using Vista.
And as far as I know I am the administrator. I have installed HijackThis and did the reports and everything and didn't have a problem with that. Now when I have tried to restart the laptop I get a black screen with only the mouse arrow. Getting worried, what can I do?
I just got this laptop less than a year ago and now it's got a virus.
I swear an oath to combat these issues with you guys if I don't go bald in the meantime lol HELP




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 9th July 2009, 1:21 am

We won't leave you in the middle of it, be assured of that.
It's fine to run on Vista. :)



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 1:42 am

OK, unplugged the laptop and shut it down.
Am restarting it now.
Should I restart it in safe mode or normal before I move forward and attempt to turn it on again?




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Origin on 9th July 2009, 1:43 am

Do it in safe mode.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 1:48 am

OK, restarted my computer and now it's in startup repair mode and attempting the repairs. Is this OK?




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 1:52 am

It's saying it will take several mins to finish.
Should I leave it to do that or shut it down again and start it in safe mode?




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Origin on 9th July 2009, 1:53 am

What does the screen look like? Does something like a scan come out with percents?



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 1:58 am

No, it says your computer was unable to start.
Start up repair is checking your systems for problems ......
If problems are found, Start up repair will fix them automatically. Your computer might restart several times during this process.
No changes will be made to your personal files or information. This might take several mins.
Then there's a scan bar moving across saying attempting repairs, but there is no percent value showing.




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:01 am

It just restarted the computer.
It showed a Vista background with no words; now it's just idling with a black screen and the mouse arrow.




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Origin on 9th July 2009, 2:02 am

I see, let it finish then go to safe mode.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:05 am

OK, still idling. Should I shut down and restart in safe mode manually, or leave it to idle on the black screen?




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Origin on 9th July 2009, 2:11 am

Are you able to access Task Manager (Ctrl+Shift+Esc)?



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:22 am

No, it won't let me.




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Origin on 9th July 2009, 2:24 am

Then restart your computer in safe mode and see if you can see your desktop.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:26 am

ok attempting now




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:33 am

OK, I am at my desktop in safe mode; all my icons are huge lol
Now what?




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Origin on 9th July 2009, 2:34 am

Do the following:

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:42 am

I cannot get on the net with my wifi while my laptop is in safe mode. I am corresponding with you from my PC desktop.




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Origin on 9th July 2009, 2:47 am

You need to boot in safe mode with networking to be able to use the internet:

Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu. Once in the startup menu, select "Safe Mode with Networking", then do the following instructions:



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 3:00 am

SHOULD I RUN COMBO FIX NOW ?




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Origin on 9th July 2009, 3:06 am

If you are in Safe Mode with networking yes.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 3:25 am

OK RUNNING IN SAFE MODE WITH NETWORKING AND A MESSAGE POPPED UP SAYING WINDOWS MUST RESTART BECAUSE THE DCOM SERVER PROCESS LAUNCHER SERVICE TERMINATED UNEXPECTEDLY AND IT SHUT OFF AND I GUESS IS ATTEMPTING TO REBOOT NOW I AM AT A BLACK IDLE SCREEN AGAIN




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 3:57 am

WHAT SHOULD I DO NOW? IT'S NOT LOADING




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 1:47 pm

this is frustrating




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 9th July 2009, 1:54 pm

I know, but stay calm.
Combofix is not loading?




Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1


Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:05 pm

checking to see if combo fix works in safe mode without networking




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 9th July 2009, 2:12 pm

Okay, let me know, and if not, we'll attack it manually rather than using Combofix.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:19 pm

OK, double-clicked on ComboFix while in safe mode and a warning message has popped up saying: ComboFix has detected the following real time scanners to be active
antivirus: AVG Anti-Virus
antispyware: AVG Anti-Virus
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. this may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking OK

I have not pressed anything yet and am waiting for further instruction.
Thank you


Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 9th July 2009, 2:20 pm

Hello.
Did you disable AVG before running Combofix? You have to go into the AVG control center and turn off the shield.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:21 pm

at this point should we attack it manually???


Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 9th July 2009, 2:25 pm

No, I've not seen AVG interfere in any of my cases. Go as far as uninstalling AVG if we have to.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:30 pm

OK, yesterday I turned off the resident shield on AVG in the control center so I could run the HijackThis scan. The problem was after I turned off the resident shield I could no longer use normal mode because the virus won't permit it to load, it just idles in black screen. Win cryptor score 2
Home team score 0
I posted the HijackThis scan but after that the virus invaded the laptop more because I guess I disabled the resident shield. BAD IDEA. Before that I was still able to go on the net, use normal mode and download. The only thing that was happening was the resident shield kept popping up saying it was infected. Now I can't do any of that and the computer only works in safe mode, and I don't think I can disable the AVG while in safe mode, or can I ??


Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:32 pm

waiting for next step




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 9th July 2009, 2:33 pm

Ah.
Allow Combofix to run then, even if it's active, because it's in safe mode and won't interfere.



Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:37 pm

Again, thank you for your help, and I do pledge allegiance in the fight against these monstrosities. Through this experience not only do I hope to gain knowledge on getting back control of my laptop but I also would like to help others fight against this war on terror in the form of viruses!!!! (Gunsmoke)
so they will not have to suffer the despair I have......
because this is utterly preposterous


Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 2:37 pm

ok running combo fix now




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by elohem78 on 9th July 2009, 3:22 pm

ok combo fix message popped up and says
Rootkit!!
ComboFix has detected the presence of rootkit activity and needs to reboot the machine.
Kindly note down on paper, the name of each file we may need it later
C:\Windows\system32\drivers\UACnrryvpcimctxiwqpj.sys
C:\Windows\system32\UACtloexwmvapmdxehpm.dll
C:\Windows\system32\UACqemqpysdqcfcpowpu.dll
C:\Windows\system32\UACifiveebsnnwtbupqb.dat
C:\Windows\system32\UACgpmotwvpqyqeauptj.dll
C:\Windows\system32\UACnbofqwxarxnjrsxea.dll
C:\Windows\system32\UACxxwvvgtjkrlytoonp.log
and it has a tab OK
Now should I go ahead and press OK, and after I do so will it automatically reboot in safe mode, or do I have to press F8 and do it manually so it will go to safe mode?

waiting for instruction




Re: Win32/Cryptor Virus Is There Any Hope ?

Post by Belahzur on 9th July 2009, 3:40 pm

Hello.
I already knew there would be a rootkit, so hit OK and let it continue.

