Win32Cryptor virus

  robbiecon 12:53 30 Aug 2009

Has anyone any experience of having been affected by this destructive virus? My desktop PC has been infected. I am communicating this on my laptop which remains unaffected. The latest is that the virus has removed all system restore points, all hardware listed in device manager and will not allow me to "add hardware" (I have a HDD I want to install to backup). It will not recognise the "G" drive that this should come up as. The laptop recognises it as working when I plug it in and the desktop recognises my son's Sony Ericsson mobile as "G" when it's plugged in. I have purchased Norton Internet Security to put in place once I have formatted the hard drive which I accept I will have to do! I have been using AVG Free which obviously was not enough. Please help! Cheers Rob

  birdface 13:26 30 Aug 2009

Now if you can find a way to download and update the free version of Malwarebytes from your laptop that would probably shift it.

Another good one to try is Trojan Remover that is a pay for program but you get a 30 day trial and it will fix everything that it finds. If you get that to run it will allow you to update and run the rest of your security programs.

  birdface 13:29 30 Aug 2009

Another good one is here
You can run this first without updating it and see if you can run any of those programs in safe mode.

  robbiecon 13:32 30 Aug 2009

Cheers I'll give them a try!

  robbiecon 14:25 30 Aug 2009

Hey it's getting weirder! The "G" drive has come back on but it keeps saying "please insert disk". I cannot get CDs to play either. I don't want to risk a cross-infection so am not linking up the laptop to the desktop.

  p;3 15:25 30 Aug 2009

Have a read of this maybe click here

it does suggest changing the name of the exe to get Malwarebytes to run

this too looks promising for what you need click here

'I Googled win32/cryptor and somebody suggested Malwarebytes Anti-Malware. As I'd never heard of it I Googled that! I wouldn't want it to be another Antivirus 2009! and Major Geeks were offering it so I thought it likely to be legit.

Downloaded it and then ran it, nothing... Downloaded from a second site, still nothing so more Googling. It was suggested that I rename the install file. Guess what it then installed! I did a reboot then ran the program, again nothing.
Just on a hunch I renamed the following executable file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe to mbamm.exe. Don't forget to let it go get the latest updates.

That did the trick! 10 minutes later all trace of Cryptor was gone. I rebooted then scanned with AVG which found nothing more than a few cookies. An Ad-Aware scan then turned up a load more cookies.

Chances are that renaming the appropriate Spybot exe file would have done the trick. If there is more than one executable in the directory take a look at the properties of the Start button Spybot link. That usually tells you which one you need to tinker with. Google seems to be behaving too.

The virus was clever enough to block certain executables by name. As soon as it didn't recognise the name it was possible to remove it.'

try that?

  robbiecom 23:28 30 Aug 2009

Thanks for your help today Guys. Will try suggested pointers and will let you know how I get on. Cheers Rob

