Win32/cryptor virus and trojans have led to blue screen



#1 shepster

  • Members
  • 5 posts

Posted 21 March 2009 - 02:47 PM

Hi, I can't remove any virus or update any programs on the laptop. I've tried a few different options from various forums but nothing seems to work. I'm getting the blue screen more and more often. Please can someone advise how to remove these viruses? Here's a summary of what has happened and what I've tried.

My son has a laptop: Dell Vostro A860, Pentium dual-core CPU T2390 @ 1.86 GHz, 1.00 GB RAM, Vista Basic SP1 32-bit OS.
It had AVG Pro installed and has been working fine since Xmas.
Yesterday AVG announced it found 2 x Win32/cryptor viruses. When I tried to remove them I was told operator interrupted and it was unable to remove them. Then AVG update said it was unable to connect to the server and started to put red crosses on all components.
I changed his browser to Firefox and disabled IE, ran AVG and nothing was found, but the update manager would still not work and was declaring everything was out of date.
I read through some threads on a few forum sites and tried to sort the problem myself, but I think I might have made it worse by removing and installing different programs. This is what happened:

I removed all antivirus programs I could find (AVG, Avast).
Installed Avira. I then tried to install a firewall but the system would not allow it (Comodo, Zone Alarm).
Installed CCleaner, closed all programs and ran CCleaner, then Avira, and all good so far.
Disabled real-time monitoring and tried to install Malwarebytes Antimalware. It downloaded but would not run: "program not responding".
Tried to install Super Anti Spyware but had the same problem again, and this time got a blue screen. Rebooted in safe mode and wiped these 2 programs.
Started back up in normal mode and ran Avira but got a blue screen halfway through the scan.

Can't work out what is wrong. Maybe I've just installed and cleaned too many programs and the comp doesn't know if it's coming or going!

I'm now in safe mode with networking and only have Avira and CCleaner installed (I think). If anyone has any idea what to do I would be very grateful for your input.

Thanks in advance

I've now started up in normal mode and have 2 trojans to add to the list, these are
TR/PCK.Tdss.F.1696-Trojan
TR/Dropper.Gen-Trojan
and an MSN application error, failed to start.

Thinking might be better off re-installing windows

Edited by shepster, 21 March 2009 - 05:16 PM.




#2 garmanma

    Computer Masochist

  • Staff Emeritus
  • 27,809 posts
  • Location: Cleveland, Ohio

Posted 22 March 2009 - 06:37 PM

"I removed all antivirus programs I could find (AVG, Avast)"

You should only have one AV.

If mbam won't install

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


Also try

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click File and choose Save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 shepster

  • Topic Starter
  • Members
  • 5 posts

Posted 29 March 2009 - 12:21 PM

Hi garmanma, sorry I've taken so long to reply to your helpful response but I haven't been able to get to my son's laptop. I did re-install Windows prior to your reply and managed to install the various spyware & antivirus programs, and then the only virus it found was in the windows old file and I've deleted those that Avira found.

Anyways, I followed your instructions and Dr.Web didn't find any problems.
It didn't leave me the file you mentioned and the "save file" drop-down was greyed out (suppose because there was nothing found).

Does this mean I managed to rid the virus by re-installing Windows and can I delete the windows old file?
I'm still getting a few odd problems with certain programs but if this continues I will post again in the correct forum.
Is it wise to leave Dr.Web CureIt on the computer? It's also running Avira antivirus, Super Anti Spyware, Comodo firewall and CCleaner; those were the programs I was recommended to use to sort the previous virus that I couldn't get rid of, but now the laptop is OK but running a lot slower than when it was new.

Anyway thanks for your help and if you think I should do anything else please let me know

Thanks again

Edited by shepster, 29 March 2009 - 12:24 PM.


#4 garmanma

    Computer Masochist

  • Staff Emeritus
  • 27,809 posts
  • Location: Cleveland, Ohio

Posted 29 March 2009 - 04:48 PM

"Does this mean I managed to rid the virus by re-installing windows and can I delete the windows old file?"

Yes

"Is it wise to leave Dr Web cureit on the computer?"

Go ahead and remove it. You can always redownload when you need it.

"if you think I should do anything else please let me know"

This is the speech I use when people are finally cleaned up:

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

-------------------------------

Tips to protect yourself against malware and reduce the potential for re-infection:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid gaming sites, underground web pages, pirated software, crack sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
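
The restore-point procedure in the post above, scripted as an added example that is not part of the original thread. It assumes an elevated Windows PowerShell session (these cmdlets are not available in PowerShell 7), and the label 'Post-cleanup baseline' is made up for the example. Older points are deleted only after the script confirms that a new one actually exists.

```powershell
# Added example: run from an elevated Windows PowerShell session.
# 'Post-cleanup baseline' is an arbitrary label chosen for this example.
$label = 'Post-cleanup baseline'

# System Restore exposes point removal only through srclient.dll.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int dwRPNum);
'@

# Highest sequence number before we start (0 if no points exist yet).
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$lastSeq = 0
if ($before.Count -gt 0) {
    $lastSeq = ($before | Measure-Object -Property SequenceNumber -Maximum).Maximum
}

# Create the new point from the cleaned system.
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

# Checkpoint-Computer can skip creation when another point was made recently,
# so confirm a point newer than $lastSeq exists before deleting anything.
$after  = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$newest = $after | Select-Object -Last 1
if ($null -eq $newest -or $newest.SequenceNumber -le $lastSeq) {
    throw 'No new restore point was created; older points left untouched.'
}

# Remove every point except the one just created; return code 0 means success.
foreach ($rp in $after) {
    if ($rp.SequenceNumber -eq $newest.SequenceNumber) { continue }
    $rc = [SysRestore.Native]::SRRemoveRestorePoint([int]$rp.SequenceNumber)
    $state = if ($rc -eq 0) { 'removed' } else { "failed (code $rc)" }
    '{0,5}  {1}  {2}' -f $rp.SequenceNumber, $rp.Description, $state
}

# Show what remains.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description
```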

#5 shepster

  • Topic Starter
  • Members
  • 5 posts

Posted 08 April 2009 - 05:09 PM

Thanks for your help, all's good now.

Thanks again



