Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cryp fakeAV-17


  • Please log in to reply
3 replies to this topic

#1 needofhelpasap

needofhelpasap

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 09 October 2009 - 11:15 AM

Hello to all...

last night my step son downloaded a virus to my computer, my anti-virus detected it as "cryp fakeAV-17".

since then i have been trying in anyway that i know to get rid of it, but with no such luck.

The virus had completely blocked my computer from doing anything possible against it, e.g. i tried to locate the virus on my drive to delete it, but as soon as i right click on it a window pops up saying not possible to delete.
- it also blocked my anti-virus from opening it's scan page
- also tried to remove it from the add/remove program in the control panel, but it does not open
- also i tried to close the virus's program by typing the combination "ctrl+alt+delete" but with no luck there.

i used a different computer to research what i can do to get rid of it, what i have found was to download "Malwarebytes" and use it to scan and remove the virus.

as i mentioned, the virus has taken over my computer, so i downloaded the software from a different computer, put it on a memory stick and tried to install it on the infected computer, guess what happened... Nothing.

the virus is preventing me from doing anything against it.

i'm getting helpless and frustrated, the only thing i know to do now is reformat the computer and lose everything on it.


please help

Edited by Amazing Andrew, 09 October 2009 - 12:04 PM.
Mod Edit: Moved to AII from WinXP - AA


BC AdBot (Login to Remove)

 


#2 petewills

petewills

  • Members
  • 1,378 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, UK
  • Local time:08:59 PM

Posted 09 October 2009 - 12:00 PM

Perhaps others can advise if this is a suitable case for booting up with a Linux Live CD,
lifting your personal files off, onto an external drive and then dealing with the infected disk.

Seems like a format and reinstall would then be appropriate, if the usual methods fail.

I've been impressed with Linux Mint 7, (Gloria),
but then I've not yet experienced the problem you have,
so I would also like to hear what others say.

#3 tbone1031

tbone1031

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 09 October 2009 - 01:02 PM

The exact thing just happened to me about an hour ago. This is a nasty little bugger. Created a 51591728.exe file in a folder under the C:\Documents and Settings\All Users\Application Data named 51591728. Every time I attempted to get to anything (MMC, Task Manager, Trend Micro, etc.) it blocked it.

So far what I have done is physically remove the hard drive from the computer and hook it up to another. When I booted up the new computer, I was able to access the new drive and delete the EXE file that was created. I am now in the long process of doing a full system scan on the infected drive to look for more that may have been infected.

Hope this helps... I will post again after the scan is complete.

Edit:

Found this... looks like the executable file is random:

http://vil.nai.com/vil/content/v_235661.htm

Edited by tbone1031, 09 October 2009 - 01:41 PM.


#4 tbone1031

tbone1031

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 09 October 2009 - 03:00 PM

It looks like we got everything... it's working again. Hope this method helps.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users