Is cryptwin a virus / worm ?

  RoosterUK 11:37 30 Mar 2004

Hi all

My PC has developed a problem.When trying to connect to the internet ( 56K Dial Up modem) the process fails with an Error 631: Port Disconnected and then a STOP Fatal System Error System File "cryptwin.exe".
If I then use Ctrl/Alt/Del there is a process running with the name cryptwin. If I stop this process I can then connect to the internet as normal. The cryptwin process returns on every startup.
I have no idea what this process/program is. The cryptwin.exe is located in the Windows/System Folder and from the date on the file I am fairly certain all that was done at that time were Emails.
Could this have arrived by email ?
Does anyone recognise this as a known virus/ worm?

I have been using Norton Antivirus but the subscription expired acouple of weeks ago so I dont have the very latest definitions.
I have a 30 day copy of Panda internet security on the PC advisor cover disc but to use this I am advised to uninstall Norton.I am reluctant to lose all the definitions I already have for Norton. Can I save these to reinstall at a later date?

So if anyone recognises this problem do they know how to uninstall and correct any registry settings ?

Any help appreciated


Using Windows ME , Outook Express.

  Giggle n' Bits 11:58 30 Mar 2004

ref your virus software, I would update the subsciption to Norton as its good stuff.

You don't mention which windows you run.

  RoosterUK 12:14 30 Mar 2004

I'm using windows ME.

If this isn't a virus does anyone have any idea what it is ?

It definitely appeared at a time when no software was intentionally installed.


  Taw® 14:55 30 Mar 2004

click here click here these may be of help

  RoosterUK 20:02 31 Mar 2004

A quick update on this issue.
It turns out that these symptons and the cryptwin files are indeed created by a virus/worm.
A little more detective work revealed that the code arrived by email on 28 march contained in an apparently blank image file.The virus is named [email protected] .
Even if my Norton AV was up to date I would still have been infected. Norton only released the definition on the same day I was infected.I have now updated my NAV and used Nortons removal tool available from the symnatec website.
I suggest anybody who has not updated thier definitions since Sunday 28 March should do so now.


This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Inside the iMac Pro - Apple's most powerful Mac yet

iMac Pro release date, UK price & specs

Comment nettoyer Windows et optimiser son PC gratuitement ?