What is a CRYPT.WIN32 virus?

get1tg00d

Guest
#1
I just did a clean install a couple of days ago and now this appears on my computer. I don't use a filesharing program like Kazaa and I don't download illegal stuff so I don't know where I get this stuff. Is this just a false warning?

I did a search for A0006384.exe and I couldn't find it.

Does anyone know what I should do?
 

ejm

viking lost down under
#2
Try and go to Symantec and check there for win32.crypto or crypt.win32 and it should tell you.
My anti virus tells me that it is rare, so check Symantec for more info.

ejm
 
#4
BTW, you will need to disable your System Restore and then clear out the System Restore contents (right click on the hard drive in My Computer > Properties > Disk Cleanup. Then click the "More Options" section and do the System Restore Cleanout)

Would follow the Symantec instructions over mine though ;)
 

damnyank

I WILL NOT FORGET 911
#5
Very good point Geffy - I got off looking for that link and forgot all about it being in the SVI folder. May even have to physically go into the SVI Folder itself and manually delete anything that may be left over - I have seen some weird things left behind at times. BTW the SVI is a normally hidden folder - get1tg00d if you get stuck give us a yell back!
 
jroc

Guest
#6
That's what happened...he did a restore...and now saved that virus in his restore....so he does need to clear it out and start a new restore point....no use to restore a virus back....
 

damnyank

I WILL NOT FORGET 911
#7
jroc - just for info - even if you have a virus in your restore point - NAV will not let you restore it back into your system. I cannot speak for other AV's as I don't use them and am not as familiar with them!

However, exactly as you say - it is always smarter to delete all your restore points as each point builds on the previous and as long as the virus is there - the next restore point will be built with it in it!
 
get1tg00d

Guest
#8
My antivirus software caught it and that warning came up. So I turned off my system restore and scanned my computer with NOD32 and an online virus scanner, before I restarted and after. Nothing was said to be infected. So either NOD32 caught it or both of them are missing it.
 

damnyank

I WILL NOT FORGET 911
#9
get1tg00d - do you know how to gain access to your SVI folder?

If so open - unhide it and do a virus scan of that folder!

Let us know what happens - like I said NAV excludes the SVI folder from the system scan!
 
get1tg00d

Guest
#10
Where is the SVI folder hidden? I unhid everything and went thru the windows folder and didn't see it. I got NOD32 for my antivirus. I don't know if it checks it either.
 

damnyank

I WILL NOT FORGET 911
#13
I am running Home/NTFS - so I have never done this before - but here is how it is supposed to be done:

Windows XP Professional Using the NTFS File System on a Domain

Click Start, and then click My Computer

On the Tools menu, click Folder Options

On the View tab, click Show hidden files and folders

Clear the Hide protected operating system files (Recommended) check box

Click Yes when you are prompted to confirm the change

Click OK

Right-click the System Volume Information folder in the root folder, and then click Sharing and Security

Click the Security tab

Click Add, and then type the name of the user to whom you want to give access to the folder. Choose the account location if appropriate (either local or from the domain). Typically, this is the account with which you are logged on. Click OK, and then click OK



Windows XP Professional using the NTFS File System on a Workgroup

Click Start, and then click My Computer

On the Tools menu, click Folder Options

On the View tab, click Show hidden files and folders

Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change

Clear the Use simple file sharing (Recommended) check box

Click OK

Right-click the System Volume Information folder in the root folder, and then click Sharing and Security

Click the Security tab

Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK

Hopefully you'll see it and can run a virus scan on it!

Let me know if you get there as I have heard folks have problems with this. Maybe someone who is running Pro/NTFS could be of some help if it doesn't get you there!
 
get1tg00d

Guest
#14
I did Windows XP Professional using the NTFS File System on a Workgroup. I tried to scan it when it was just unhid and NOD32 said it was an invalid folder. Now I did it the right way and it scanned it but there were no files in the folder. Is there supposed to be no files in there?
 

damnyank

I WILL NOT FORGET 911
#15
Right click the folder and "explore" - if there is nothing there - then all the files have been deleted and your System Restore calendar should be blank - ie no restore points!

If both of these occur - then you should be rid of the culprit.

BTW - If the above is true - no restore points in the SVI folder nor on the calendar - then I would manually create a System Restore point so that you have a starting point.
 
get1tg00d

Guest
#16
Nothing is in the folder and I have no restore points so I guess NOD32 got the virus or it was just a false alert.

Thanks.
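
Added example, not part of the thread: a Python sketch that inventories a System Restore store so the "is the SVI folder really empty?" check from posts #13 to #15 can be repeated and recorded. It assumes the Windows XP layout `_restore{GUID}\RP<n>\A<7 digits>.<ext>`, which would explain why a file named like A0006384.exe does not turn up in a normal search; the function names and the sample tree are constructed for illustration.

```python
import re
from pathlib import Path

# Assumed Windows XP System Restore layout (not spelled out in the thread):
#   <System Volume Information>\_restore{GUID}\RP<n>\A<7 digits>.<ext>
STORE_DIR = re.compile(r"^_restore\{[0-9A-Fa-f-]+\}$")
RESTORE_POINT = re.compile(r"^RP\d+$")
BACKED_UP_FILE = re.compile(r"^A\d{7}\.\w+$")


def inventory_restore_store(svi_root):
    """Map each restore point folder to the backed-up files it holds.

    PermissionError is deliberately not caught: a folder that cannot be
    read is not the same as a folder that is empty.
    """
    found = {}
    for store in sorted(Path(svi_root).iterdir()):
        if not (store.is_dir() and STORE_DIR.match(store.name)):
            continue
        for rp in sorted(store.iterdir()):
            if rp.is_dir() and RESTORE_POINT.match(rp.name):
                found[rp.name] = sorted(
                    f.name for f in rp.iterdir()
                    if f.is_file() and BACKED_UP_FILE.match(f.name)
                )
    return found


def build_sample_tree(base):
    """Create a constructed store for the demo (GUID and contents are made up)."""
    svi = Path(base) / "System Volume Information"
    store = svi / "_restore{00000000-0000-0000-0000-000000000000}"
    (store / "RP1").mkdir(parents=True)
    (store / "RP2").mkdir()
    (store / "RP1" / "A0006384.exe").write_bytes(b"constructed sample")
    (store / "RP1" / "change.log").write_bytes(b"")  # not a backed-up file
    return svi


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for rp, files in inventory_restore_store(build_sample_tree(tmp)).items():
            print(rp, files or "(no backed-up files)")
```

An empty result means no restore points remain; an access error means the account has not been granted rights to the folder yet, so the result is unknown rather than clean.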
 
