EggXpert

The official Newegg tech support community and Newegg tech support forums. Learn about PC building, case mods, computer repairs, and computer troubleshooting. Get help from knowledgeable community members about computer hardware and computer software, laptops, notebooks, netbooks, consumer electronics & MP3 players, home networking, LCD TVs, home audio and more.

win32/cryptor

Last post 08-20-2009, 11:35 PM by Tracer76. 1 replies.
  •  08-20-2009, 9:14 PM 561233

    win32/cryptor

    So I am working on a computer for a friend. He got infected with this virus and I ran a scan with AVG and it says that there are all these infected files and they are svchost files with different numbers after them. I can't seem to remove them. What program should I use?
  •  08-20-2009, 11:35 PM 561271 in reply to 561233

    Re: win32/cryptor

    It’s not a virus, it’s a Trojan horse.

    http://www.exterminate-it.com/malpedia/remove-crypt

    Also follow this http://www.geekstogo.com/forum/WinFixer-Removal-Trojan-win32-crypt-o-t65527.html

    Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

    Please download VundoFix.exe at http://www.atribune.org/downloads/VundoFix.exe to your desktop.

    * Double-click VundoFix.exe to extract the files.
    * After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key (or F5 in some machines) until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    * Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat.
    * Please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\system32\awvvv.dll

    * Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
    * When asked for a second path, enter -> C:\WINDOWS\system32\vvvwa.*
    * The fix will run then HijackThis will open.
    * In HijackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awvvv.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll


    Delete this file if found -> C:\WINDOWS\system32\awvvv.dll

    * After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
    * Pressing any key will cause a 'Blue Screen of Death'; this is normal, do not worry!
    * Once your machine reboots please continue with the instructions below.

    Download and install CleanUp! http://www.greyknight17.com/spy/CleanUp.exe

    Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    Set the program up as follows:
    Click 'Options...'
    Move the arrow down to 'Custom CleanUp!'
    Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

    Click OK. Press the CleanUp! button to start the program.
    It may ask you to reboot at the end, click NO.

    Then, please run an online virus scan at ActiveScan http://www.pandasoftware.com/products/activescan.htm
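
Added example, not part of the forum posts: a Python sketch that parses the HijackThis lines quoted in the reply and groups them by the file they load, showing that awvvv.dll is listed both as a BHO (O2) and as a Winlogon Notify entry (O20). The function names and the line grammar are assumptions derived only from the five lines shown; a full HijackThis log contains other entry forms.

```python
import ntpath
import re

# Constructed sample input: the five HijackThis lines quoted in the reply above.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awvvv.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")    # section, kind, remainder
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[([^\]]*)\]\s*(.*)$")          # O4 form: [value name] command

def parse_line(line):
    """Split one log line into section, kind, name, CLSID and target."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    section, kind, rest = m.groups()
    run = RUN_RE.match(rest)
    if run:
        name, target = run.groups()
    else:
        fields = rest.split(" - ")
        name, target = fields[0], fields[-1]
    clsid = CLSID_RE.search(rest)
    return {"section": section, "kind": kind, "name": name.strip(),
            "clsid": clsid.group(0).upper() if clsid else None,
            "target": target.strip()}

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def load_points_for(entries, filename):
    """Entries whose target file name matches, case-insensitively (Windows paths)."""
    want = filename.lower()
    return [e for e in entries if ntpath.basename(e["target"]).lower() == want]

def orphaned_bhos(entries):
    """CLSIDs of O2 entries that HijackThis lists with '(no file)' instead of a path."""
    return [e["clsid"] for e in entries
            if e["section"] == "O2" and e["target"] == "(no file)"]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in load_points_for(entries, "awvvv.dll"):
        print(e["section"], e["kind"], e["target"])
    print("BHOs with no file:", orphaned_bhos(entries))
```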



©2009 Newegg, Inc. All rights reserved.