What is a CRYPT.WIN32 virus?

G

get1tg00d

Guest
I just did a clean install a couple of days ago and now this appears on my computer. I don't use a filesharing program like Kazaa and I don't download illegal stuff so I don't know where I get this stuff. Is this just a false warning?

I did a search for A0006384.exe and I couldn't find it.

Does anyone know what I should do?
 
Try and go to symantec and check there for win32.crypto or crypt.win32 and it should tell you.
My anti virus tells me that it is rare, so check symantec for more info.

ejm
 
BTW, you will need to disable your System Restore and then clear out the System Restore contents (right click on the hard drive in My Computer > Properties > Disk Cleanup. Then click the "More Options" section and do the System Restore Cleanout)

Would follow the Symantec instructions over mine though ;)
 
Very good point Geffy - I got off looking for that link and forgot all about it being in the SVI folder. May even have to physically go into the SVI Folder itself and manually delete anything that may be left over - I have seen some weird things left behind at times. BTW the SVI is a normally hidden folder - get1tg00d if you get stuck give us a yell back!
 
Thats what happened...he did a restore...and now saved that virus in his restore....so he does need to clear it out and start a new restore point....no use to restore a virus back....
 
jroc - just for info - even if you have a virus in your restore point - NAV will not let you restore it back into your system. I can not speak for other AV's as I don;t use them and am not as familiar with them!

However, exactly as you say - it is always smarter to delete all your restore points as each point builds on the previous and as long as the virus is there - the next restore point will be built with it in it!
 
My antivirus software caught it and that warning came up. So I turned off my system restore and scanned my computer with NOD32 and an online virus scanner, before I restarted and after. Nothing was said to be infected. So either NOD32 caught it or both of them are missing it.
 
get1tg00d - do you know how to gain access to your SVI folder?

If so open - unhide it and do a virus scan of that folder!

Let us know what happens - like I said NAV excludes the SVI folder from the system scan!
 
Where is the SVI folder hidden? I unhid everything and went thru the windows folder and didn't see it. I got NOD32 for my antivirus. I don't know if it checks it either.
 
Are you running Pro or Home on FAT 32 or NTFS??? There's different ways to get to it under the different OS/format!
 
I am running Home/NTFS - so I have never done this before - but here is how it is supposed to be done:

Windows XP Professional Using the NTFS File System on a Domain

Click Start , and then click My Computer

On the Tools menu, click Folder Options

On the View tab, click Show hidden files and folders

Clear the Hide protected operating system files (Recommended) check box

Click Yes when you are prompted to confirm the change

Click OK

Right-click the System Volume Information folder in the root folder, and then click Sharing and Security

Click the Security tab

Click Add , and then type the name of the user to whom you want to give access to the folder. Choose the account location if appropriate (either local or from the domain). Typically, this is the account with which you are logged on. Click OK , and then click OK



Windows XP Professional using the NTFS File System on a Workgroup

Click Start , and then click My Computer

On the Tools menu, click Folder Options

On the View tab, click Show hidden files and folders

Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change

Clear the Use simple file sharing (Recommended) check box

Click OK

Right-click the System Volume Information folder in the root folder, and then click Sharing and Security

Click the Security tab

Click Add , and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK , and then click OK

Hopefully you'll see it and can run a virus scan on it!

Let me know if you get there as I have heard folks have problems with this. Maybe someone who is running Pro/NTFS could be of some help if it doesn't get you there!
 
I did Windows XP Professional using the NTFS File System on a Workgroup. I tried to scan it when it was just unhid and NOD32 said it was an invalid folder. Now I did it the right way and it scanned it but there was no files in the folder. Is there supposed to be no files in there?
 
Right click the folder and "explore" - if there is nothing there - then all the files have been deleted and your System Restore calendar should be blank - ie no restore points!

If both of these occur - then you should be rid of the culprit.

BTW - If the above is true - no restore points in the SVI folder nor on the calendar - then I would manually create a System Restore point so that you have a starting point.
 
Nothing is in the folder and I have no restore points so I guess NOD32 got the virus or it was just a false alert.

Thanks.
 
Good - as I suggested earlier - create a manual restore point so you have a fresh starting point!

You're welcome!:D
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back