win32/cryptor

Page 1 of 2

Re: win32/cryptor

Post by Belahzur on 10th April 2009, 8:56 pm

Hello.
I need a new DDS log again. So run DDS and post the newest log.


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1

Re: win32/cryptor

Post by borisburakov on 10th April 2009, 9:04 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by DG at 16:00:14.18 on Fri 04/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.563 [GMT -5:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -kbdx
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CASIO\Ploader\Plauto.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\DG\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB00982 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\antbar\ant.com toolbar\tbu08610\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2008\IEToolbar.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - c:\program files\antbar\ant.com toolbar\tbu08610\tbcore3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2008\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2008\bdagent.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photol~1.lnk - c:\program files\casio\ploader\Plauto.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\khfdCUKb

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-10 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-10 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 298264]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-6-2 86792]

=============== Created Last 30 ================

2009-04-10 15:32 --d----- c:\docume~1\dg\applic~1\Malwarebytes
2009-04-10 15:30 --d-h--- C:\$AVG8.VAULT$
2009-04-10 14:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-10 14:54 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-10 14:54 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-10 14:54 --d----- c:\windows\system32\drivers\Avg
2009-04-10 14:54 --d----- c:\docume~1\dg\applic~1\AVGTOOLBAR
2009-04-10 14:54 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-10 13:34 --d----- C:\HijackThis
2009-04-10 12:04 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-10 12:04 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 12:04 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-10 12:04 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-10 09:05 118 a------- c:\windows\system32\MRT.INI
2009-04-10 08:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-10 08:26 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-08 08:37 --dsh--- c:\documents and settings\dg\IECompatCache
2009-04-08 08:33 --dsh--- c:\documents and settings\dg\PrivacIE
2009-04-08 08:31 --dsh--- c:\documents and settings\dg\IETldCache
2009-04-08 08:25 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-08 08:25 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-03-20 06:19 122 a------- c:\windows\system32\privacy.xml

==================== Find3M ====================

2009-04-10 15:45 81,984 a------- c:\windows\system32\bdod.bin
2009-04-05 00:18 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2006-11-17 23:05 800,272 a------- c:\documents and settings\dg\ppctl.dll
2008-09-12 15:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 16:01:20.71 ===============

borisburakov
Novice

Posts : 28
Joined : 2009-04-10
OS : XP
Points : 28050
# Likes : 0

Re: win32/cryptor

Post by Belahzur on 10th April 2009, 9:07 pm

Hello.
You still have AVG installed.

You are running two AV's, this is a bad idea as they can conflict and cause problems. I see BitDefender and AVG.
I would recommend that you remove AVG (8.0 is old now anyway) to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • AVG Free 8.0

Just need to fix a registry item.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

How is the machine running now?


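An added example, not part of the original thread: a check of how the hex(7) payload in the posted fix.reg decodes. Under the "Windows Registry Editor Version 5.00" header, regedit reads hex(7) (REG_MULTI_SZ) data as UTF-16LE, while REGEDIT4 files carry ANSI bytes, so the script decodes the posted bytes under both headers, produces the encoding that matches a given header, and flags the extra Authentication Packages entry from the DDS log. The function names, the cp1252 choice for ANSI data and the allow-list containing only msv1_0 (the value the fix is meant to leave) are assumptions of this example.

```python
import re

UNICODE_HEADER = "Windows Registry Editor Version 5.00"  # hex(7) bytes are UTF-16LE
ANSI_HEADER = "REGEDIT4"                                  # hex(7) bytes are ANSI

# The fix.reg contents from the thread.
POSTED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
'''
# The LSA line from the DDS log in the thread.
DDS_LINE = r"LSA: Authentication Packages = msv1_0 c:\windows\system32\khfdCUKb"


def _codec(header):
    """Map a .reg header to (codec, bytes per character) for hex(7) data."""
    if header == UNICODE_HEADER:
        return "utf-16-le", 2
    if header == ANSI_HEADER:
        return "cp1252", 1  # assumption: Western ANSI code page
    raise ValueError("unrecognised .reg header: %r" % header)


def parse_multi_sz(reg_text):
    """Decode every hex(7) value in a .reg file according to its header.

    Returns {(key, value_name): [strings]}.
    """
    # A trailing backslash continues a long hex list on the next line.
    text = re.sub(r"\\\s*\n\s*", "", reg_text.replace("\r\n", "\n"))
    lines = [ln.strip() for ln in text.split("\n") if ln.strip()]
    codec, width = _codec(lines[0])
    key, out = None, {}
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            continue
        m = re.match(r'"([^"]+)"=hex\(7\):([0-9a-fA-F,]*)$', ln)
        if not m or key is None:
            continue
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if len(raw) % width:
            raise ValueError("byte count is not a multiple of the character width")
        chars = raw.decode(codec, errors="replace")
        out[(key, m.group(1))] = [s for s in chars.split("\x00") if s]
    return out


def encode_multi_sz(strings, header=UNICODE_HEADER):
    """Build the hex(7) payload for a list of strings under the given header."""
    codec, _ = _codec(header)
    # Each string is NUL-terminated and the list ends with one extra NUL.
    raw = "".join(s + "\x00" for s in strings) + "\x00"
    return "hex(7):" + ",".join("%02x" % b for b in raw.encode(codec))


def unexpected_packages(dds_line, allowed=("msv1_0",)):
    """Return entries of a DDS 'LSA: Authentication Packages' line outside the allow-list.

    DDS prints the entries separated by spaces, so a path containing spaces
    would be split; that is acceptable for a triage check.
    """
    _, _, value = dds_line.partition("=")
    return [p for p in value.split() if p.lower() not in allowed]


if __name__ == "__main__":
    for header in (UNICODE_HEADER, ANSI_HEADER):
        decoded = parse_multi_sz(POSTED.replace(UNICODE_HEADER, header))
        print(header, "->", ascii(list(decoded.values())))
    print("payload for a 5.00 file:", encode_multi_sz(["msv1_0"]))
    print("not in allow-list:", unexpected_packages(DDS_LINE))
```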

Re: win32/cryptor

Post by borisburakov on 10th April 2009, 9:11 pm

Maybe I can keep this new AVG 8.5 (I just downloaded it to check for cryptor virus because Bitdefender NEVER informed me about win32/cryptor)? Only AVG informed me about crypter penetration.


Re: win32/cryptor

Post by Belahzur on 10th April 2009, 9:14 pm

Okay, keep AVG but uninstall this instead:
BitDefender Internet Security 2008

Then do my reg fix and let me know how the machine is running.



Re: win32/cryptor

Post by borisburakov on 10th April 2009, 10:51 pm

I scanned with AVG 6.5 and it found nothing. The system was fixed until... I created fix.reg and ran it.

After that I restarted my PC and Explorer7 stopped working. I click on the icon on the tabletop and nothing happens. Tried it many times. Scanned the system with AVG 8.5 again - nothing detected.

Finally I was able to activate my old Netscape icon and am using it now to communicate with you. Please help to make Explorer7 work again.


Re: win32/cryptor

Post by borisburakov on 10th April 2009, 10:52 pm

Typo. It should be AVG 8.5 in both cases.


Re: win32/cryptor

Post by Belahzur on 10th April 2009, 11:16 pm

Hello.
Did you uninstall BitDefender?

You have IE7, so I'm wondering if BitDefender left behind a plug in.

The reg fix we did had nothing to do with IE7. Let me think

Press Start > Run.
Type in cmd, then press enter.

At the DOS prompt execute the following commands, one by one.
Press the enter key after each entry.

regsvr32 urlmon.dll
regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Actxprxy.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 Browseui.dll
regsvr32 Shell32.dll

Type Exit and press enter to return to the operating mode.
Note: there is a space between each "regsvr32" and the "file"

Reboot normally.

Does IE7 work now?



Re: win32/cryptor

Post by borisburakov on 11th April 2009, 12:02 am

Ran each command. Some - ok, some - failed.

urlmon - ok
Shdocvw - fail. code 0x8002801c
Msjava - fail. module not found
Actxprxy - ok
Oleaut32 - ok
Mshtml - loaded, but entry point not found
Browseui - ok
Shell32 - ok


Re: win32/cryptor

Post by Belahzur on 11th April 2009, 12:05 am

Still no luck?

Try it this way.
Go to Start > Run. Copy and paste this in the Run box.

"C:\Program Files\Internet Explorer\iexplore.exe" -extoff

Hit enter.
Does IE load now?


Last edited by Belahzur on 11th April 2009, 12:21 am; edited 1 time in total



Re: win32/cryptor

Post by borisburakov on 11th April 2009, 12:18 am

I tried to type this line exactly with "-extoff but it did not run.


Re: win32/cryptor

Post by Belahzur on 11th April 2009, 12:24 am

Hello.
I left over a quote mark by accident in my last post, so it should have thrown up an error for you.

Try it again with the quote mark at the start of the file location of Internet Explorer.

If not, we'll try to re-install IE7 again, because malware may have done damage in this case.



Re: win32/cryptor

Post by borisburakov on 11th April 2009, 12:59 am

I tried to download IE7 again - unsuccessful. No Cryptographic module.
Same with IE8. Netscape stopped working. Now using Firefox.

After restart the system is extremely slow during booting (about 5 minutes).

AVG 8.5 scan did not show any viruses.

Can we undo the reg-fix? Because just before that everything was OK and fast.


Re: win32/cryptor

Post by Belahzur on 11th April 2009, 1:13 am

We can try changing it back to a default value instead of a hex.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"="msv1_0"

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Last edited by Belahzur on 11th April 2009, 1:52 pm; edited 1 time in total



Re: win32/cryptor

Post by borisburakov on 11th April 2009, 3:20 am

I did it - did not help.
Startup takes almost 5 min.
Basically nothing works.

Maybe we should start from scratch?
Or do you want me to open a new ticket?


Re: win32/cryptor

Post by Belahzur on 11th April 2009, 1:53 pm

Hello.
I edited this post to change the value, I had it wrong.

[You must be registered and logged in to see this link.]

Delete all the old fix.reg files and try that again now the value is changed.



Re: win32/cryptor

Post by borisburakov on 11th April 2009, 3:31 pm

Just double checking - should I type into the notepad text ALL your text (starting with Windows Registry Editor...) or just starting with [HKEY_

The copy paste function stopped working too, so I am now typing all texts manually.


Re: win32/cryptor

Post by Belahzur on 11th April 2009, 3:33 pm

Starting with "Windows Registry Editor 5.00"

Sounds like the malware has left some damage, there's no reason things like copy and paste should stop working.

If worst comes to worst, then a repair or format may be a better option.



Re: win32/cryptor

Post by borisburakov on 11th April 2009, 4:02 pm

I tried that script - no changes. Still the same 5 min to start up, IE7 just flashes a blank screen for a second and disappears, so I am not using it.
Copy paste did not work... Any suggestions?


Re: win32/cryptor

Post by borisburakov on 11th April 2009, 4:03 pm

I had read in a previous thread that you suggest getting rid of AVG and using another ANTI VIRUS. Maybe I should erase my AVG and install another too?


Re: win32/cryptor

Post by borisburakov on 11th April 2009, 4:05 pm

By the way - the key with the window flag stopped working too.


Re: win32/cryptor

Post by Belahzur on 11th April 2009, 4:09 pm

Do you have your Windows XP disc?



Re: win32/cryptor

Post by borisburakov on 11th April 2009, 4:43 pm

Sorry, but I do not have it.


Re: win32/cryptor

Post by Belahzur on 11th April 2009, 4:48 pm

Darn.
Does this machine have a factory restore image saved to the machine? On a separate partition?



Re: win32/cryptor

Post by borisburakov on 11th April 2009, 4:53 pm

I do not know. I am not very computer literate. How can I find out if my PC has it?


Re: win32/cryptor

Post by Belahzur on 11th April 2009, 4:56 pm

Actually, let's try a system restore first.

1. Click Start, and then click Help and Support.
2. Under Pick a Task, click Undo changes to your computer with System Restore.
3. Follow the instructions on the wizard. (Everything that you need to do is there in the instructions.)

Let me know how that goes.



Re: win32/cryptor

Post by borisburakov on 12th April 2009, 5:27 am

The Help function also stopped working... I give up... Tomorrow I will go on eBay and buy myself an APPLE. My DELL XP PC was nothing but trouble. After the first 12 months (just as the warranty expired) the motherboard overheated and was replaced for 300$. After that the DVD drive started to work only 50% of the time and now viruses... Clean-ups already had cost me 200$. All virus-protectors: CA, AVG and BITDEFENDER miserably failed to protect my PC. Bye-bye Windows.

