What is a CRYPT.WIN32 virus?

Discussion in 'Windows Desktop Systems' started by get1tg00d, Aug 8, 2003.

  1. get1tg00d

    get1tg00d Guest

    I just did a clean install a couple of days ago and now this appears on my computer. I don't use a filesharing program like Kazaa and I don't download illegal stuff so I don't know where I get this stuff. Is this just a false warning?

    I did a search for A0006384.exe and I couldn't find it.

    Does anyone know what I should do?
     
  2. ejm

    ejm viking lost down under

    Messages:
    49
    Location:
    Australia
    Try and go to Symantec and check there for win32.crypto or crypt.win32 and it should tell you.
    My antivirus tells me that it is rare, so check Symantec for more info.

    ejm
     
  3. damnyank

    damnyank I WILL NOT FORGET 911

    Messages:
    2,359
    Location:
    Petal, Mississippi
  4. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    BTW, you will need to disable your System Restore and then clear out the System Restore contents (right click on the hard drive in My Computer > Properties > Disk Cleanup. Then click the "More Options" section and do the System Restore Cleanout)

    Would follow the Symantec instructions over mine though ;)
     
  5. damnyank

    damnyank I WILL NOT FORGET 911

    Very good point Geffy - I got off looking for that link and forgot all about it being in the SVI folder. May even have to physically go into the SVI Folder itself and manually delete anything that may be left over - I have seen some weird things left behind at times. BTW the SVI is a normally hidden folder - get1tg00d if you get stuck give us a yell back!
     
  6. jroc

    jroc Guest

    That's what happened...he did a restore...and now saved that virus in his restore....so he does need to clear it out and start a new restore point....no use to restore a virus back....
     
  7. damnyank

    damnyank I WILL NOT FORGET 911

    jroc - just for info - even if you have a virus in your restore point - NAV will not let you restore it back into your system. I cannot speak for other AVs as I don't use them and am not as familiar with them!

    However, exactly as you say - it is always smarter to delete all your restore points as each point builds on the previous and as long as the virus is there - the next restore point will be built with it in it!
     
  8. get1tg00d

    get1tg00d Guest

    My antivirus software caught it and that warning came up. So I turned off my system restore and scanned my computer with NOD32 and an online virus scanner, before I restarted and after. Nothing was said to be infected. So either NOD32 caught it or both of them are missing it.
     
  9. damnyank

    damnyank I WILL NOT FORGET 911

    get1tg00d - do you know how to gain access to your SVI folder?

    If so open - unhide it and do a virus scan of that folder!

    Let us know what happens - like I said NAV excludes the SVI folder from the system scan!
     
  10. get1tg00d

    get1tg00d Guest

    Where is the SVI folder hidden? I unhid everything and went through the Windows folder and didn't see it. I got NOD32 for my antivirus. I don't know if it checks it either.
     
  11. damnyank

    damnyank I WILL NOT FORGET 911

    Are you running Pro or Home on FAT32 or NTFS??? There are different ways to get to it under the different OS/format!
     
  12. get1tg00d

    get1tg00d Guest

    I'm running Windows XP Pro with NTFS.
     
  13. damnyank

    damnyank I WILL NOT FORGET 911

    I am running Home/NTFS - so I have never done this before - but here is how it is supposed to be done:

    Windows XP Professional Using the NTFS File System on a Domain

    Click Start, and then click My Computer

    On the Tools menu, click Folder Options

    On the View tab, click Show hidden files and folders

    Clear the Hide protected operating system files (Recommended) check box

    Click Yes when you are prompted to confirm the change

    Click OK

    Right-click the System Volume Information folder in the root folder, and then click Sharing and Security

    Click the Security tab

    Click Add, and then type the name of the user to whom you want to give access to the folder. Choose the account location if appropriate (either local or from the domain). Typically, this is the account with which you are logged on. Click OK, and then click OK

    Windows XP Professional using the NTFS File System on a Workgroup

    Click Start, and then click My Computer

    On the Tools menu, click Folder Options

    On the View tab, click Show hidden files and folders

    Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change

    Clear the Use simple file sharing (Recommended) check box

    Click OK

    Right-click the System Volume Information folder in the root folder, and then click Sharing and Security

    Click the Security tab

    Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK

    Hopefully you'll see it and can run a virus scan on it!

    Let me know if you get there as I have heard folks have problems with this. Maybe someone who is running Pro/NTFS could be of some help if it doesn't get you there!
     
  14. get1tg00d

    get1tg00d Guest

    I did Windows XP Professional using the NTFS File System on a Workgroup. I tried to scan it when it was just unhid and NOD32 said it was an invalid folder. Now I did it the right way and it scanned it but there were no files in the folder. Is there supposed to be no files in there?
     
  15. damnyank

    damnyank I WILL NOT FORGET 911

    Right click the folder and "explore" - if there is nothing there - then all the files have been deleted and your System Restore calendar should be blank - ie no restore points!

    If both of these occur - then you should be rid of the culprit.

    BTW - If the above is true - no restore points in the SVI folder nor on the calendar - then I would manually create a System Restore point so that you have a starting point.
     
  16. get1tg00d

    get1tg00d Guest

    Nothing is in the folder and I have no restore points so I guess NOD32 got the virus or it was just a false alert.

    Thanks.
     
  17. damnyank

    damnyank I WILL NOT FORGET 911

    Good - as I suggested earlier - create a manual restore point so you have a fresh starting point!

    You're welcome! :D