Hubby’s laptop was recently infected with a computer virus. The virus disrupted the computer’s browsers (Mozilla Firefox & Internet Explorer), causing any search links that were returned from Google to be redirected to spammy websites when they were selected. The only way Hubby could get to a website he wanted was to type the URL in the address bar at the top.
Another feature of the virus was that it had disabled most of the anti-virus/anti-spyware software we had installed. (I know, I know. The techies in the audience are saying, “But you’re not supposed to have more than one type of anti-virus software on your computer at a time. They fight with each other.” The programs on the laptop were ones installed as part of a process to clean up a previous virus, a process that is outlined in a Malware Removal Guide from Major Geeks.)
An AVG Free virus scan identified the virus as Win32/Cryptor. While we were able to scan with AVG and remove some instances of the virus, the program could not remove all of the infection.
As I made my way through the Major Geeks’ Malware Removal Guide, I discovered that no matter what I did to clear the infection, Win32/Cryptor managed to disable every anti-virus program I tried. When I did a little research on Win32/Cryptor, I found out that this was one of the features of the virus and that whoever was behind it managed to keep changing the virus so that it would overcome any attempts to beat it. An evolving computer virus. How nice.
In the end, Hubby and I decided to purchase a new laptop. The virus was only part of the reason for our decision. His laptop had seen daily use for three years. The battery was worn out; the buttons under the finger pad were no longer working; and we couldn’t keep the power cord plugged into the back of the machine.
I’m sure there is some way to lick Win32/Cryptor, some program out there designed to kill it. In the meantime, I’ve always wanted to try wiping the hard drive of a computer. Now I have my chance.
Keep on top of those virus scans, people! (You, too, Hubby!)



9 comments
June 30, 2009 at 8:01 pm
rick streicker
I’m also struggling with W32/Cryptor. Neither AVG nor Malwarebytes seems equal to the task. When I search for info on this virus, I get the distinct impression that the top sites are controlled either by the people who infected my computer (and now want to sell me a remedy) or criminals who want to infect my machine further for their own nefarious ends.
I’m still hoping for reliable info and an effective course of action–no luck so far. In the meantime, my computer seems to get less and less functional each day.
July 1, 2009 at 10:44 pm
woowooteacup
My brother has given me a suggestion, Rick, but I’m waiting for him to send me a link. I’d hate to post it here because the creators of Win32/Cryptor find ways around any solutions. If he sends me the link, I’ll send it on to you through email.
If his solution doesn’t work, I’m going to try wiping the hard drive and reinstalling the operating system software.
July 6, 2009 at 11:01 am
woowooteacup
For those of you popping over to find a solution to Win32/Cryptor, I haven’t yet got one, but you may be interested in my post on a strategy for tackling computer infections in general:
http://woowooteacup.wordpress.com/2009/07/01/strategy-for-tackling-a-computer-infection/
Good luck! And if you figure out how to clean up the infection without wiping the hard drive, let me know.
July 13, 2009 at 11:53 am
Wiping the Hard Drive « The Woo Woo Teacup Journal
[...] system restore, vinyl records, virus, win32/cryptor, wiping the hard drive Well, I’ve done what I said I was going to do. I’ve wiped the hard drive of Hubby’s old laptop. The computer became [...]
August 2, 2009 at 11:18 pm
traywolf
Here are the steps I used to remove the virus. It was laborious and it took several renames to get various anti-virus programs to work properly.
http://keyliner.blogspot.com/2009/05/removing-win32cryptor-virus.html
August 9, 2009 at 7:11 pm
Mike Hall
What I do when I cannot remove the virus by normal scanning: I remove the infected hard drive and slave it to another PC. This way the virus and operating system are not active on the drive I am scanning. I don’t recommend this process for the novice computer user. I have a few years of experience in constructing and repairing PCs.
August 10, 2009 at 12:51 pm
woowooteacup
Hi, Mike – I’ve never done much with the inside of a PC, though I did have my tower open for a minor repair once. Could you do the same thing – remove the infected drive – from a laptop, too? What does it mean to slave the drive to another PC?
August 12, 2009 at 8:54 pm
Mike Hall
I am reluctant to give out specifics since the untrained person could damage or destroy their computer. I have had training in handling electronic devices and still managed to destroy a few due to mishandling. Rather than try to explain the concept of ESD, here is a link to wiki ESD:
http://en.wikipedia.org/wiki/Electrostatic_discharge
Most people have an “It can’t or won’t happen to me” mentality until their hard drive fails to function because the electronic components on the drive were destroyed due to ESD. That being said, I shall continue on the “SLAVE” concept.
Slaving a hard drive is no different than plugging in a “flash” drive or some other type of USB device.
You need a USB to SATA/IDE cable and some type of power source for the drive you are slaving to your working computer.
Turn off the UPnP Framework in your firewall exceptions so when you plug in and activate the “slave” drive, you don’t infect your computer. UPnP Framework is your Windows “plug and play” feature.
When the drive activates, scan it like any other drive on your computer. Any trojans or viri should be removed with little to no effort.
BE YE WARNED! If you have to ask any more questions about how to do this process, you don’t have the experience necessary and should take your computer to a professional and pay to have it fixed.
August 12, 2009 at 9:25 pm
woowooteacup
Thanks for the explanation, Mike. I’ve heard of the dreaded electrostatic discharge (a.k.a. static electricity) when working with the insides of computers. That alone would make me nervous about messing with the guts. I’m also not knowledgeable enough about the various parts of a computer to even try to do something like this, so I’m taking your warning to heart.