Do I still have Win32/Cryptor virus? Help!


5 replies to this topic

#1 metallicabreath

metallicabreath

  • Members
  • 3 posts

Posted 16 November 2011 - 08:46 PM

Hello!

I started up my laptop today and everything was fine. I checked Facebook really fast and then put the computer to sleep for 2 hours. When I came back to it and tried to start up Mozilla Firefox again, it told me AVG had detected a virus called Win32/Cryptor. I ran the AVG scan and it found 5 threats. I then googled the virus and found a helpful thread on this forum, telling me to download Malwarebytes' Anti-Malware. I downloaded and ran the quick scan and the log told me it found nothing. From googling the virus I thought it was pretty rare that AVG would get rid of the virus on its own, but Malwarebytes' is telling me it did. This is the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8178

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/16/2011 8:22:01 PM
mbam-log-2011-11-16 (20-22-01).txt

Scan type: Quick scan
Objects scanned: 167488
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


So does this mean my system is safe? I read that it could steal passwords/financial information but should I be alright in that aspect now? Thank you in advance for any help. I really want to make sure my system is safe before I enter any personal information on my laptop again.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 16 November 2011 - 08:53 PM

Welcome aboard

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

======================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 metallicabreath


Posted 16 November 2011 - 10:19 PM

Thanks for the quick reply!

I ran the first and it told me no threats were detected and did not provide me with a log.

The second I ran and it told me 1 infected file, multiple threats and this is all it said:

C:\Users\Ashley Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\48c8f3a9-66092fe4 multiple threats


What should I do now? I guess my computer isn't clean.

#4 Broni


Posted 16 November 2011 - 10:34 PM

It was in Java cache.
Since it has been removed I wouldn't worry much about it.

Are you experiencing any issues?



 


#5 metallicabreath


Posted 16 November 2011 - 10:38 PM

No, nothing besides the AVG pop-ups that happened at first, but those stopped as soon as I ran that first AVG scan.

I'm glad it's nothing to worry about. Thank you so much for your help!

#6 Broni


Posted 16 November 2011 - 10:39 PM

You're very welcome

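Added example, not part of the original thread: a small Python triage helper that reads the two scanner outputs pasted above and reports the Malwarebytes scan type and totals next to where the ESET hit sits on disk. The function names are hypothetical, and the ESET line layout (path, whitespace, threat name, no spaces in the file name) is assumed from the single line quoted in the thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: excerpts of the two scanner outputs quoted in the thread.
MBAM_LOG = """Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 8178
Scan type: Quick scan
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0
Files Infected:
(No malicious items detected)
"""
ESET_EXPORT = [r"C:\Users\Ashley Laptop\AppData\LocalLow\Sun\Java\Deployment\cache"
               r"\6.0\41\48c8f3a9-66092fe4 multiple threats"]
JAVA_CACHE = ("sun", "java", "deployment", "cache")

def parse_mbam(log):
    """Return the scan type and the per-category counts from the summary block."""
    scan = re.search(r"^Scan type: (.+)$", log, re.M)
    counts = {k: int(v) for k, v in re.findall(r"^(.+ Infected): (\d+)\r?$", log, re.M)}
    return {"scan_type": scan.group(1).strip() if scan else None, "counts": counts}

def parse_eset_line(line):
    """Split 'path threat' as pasted in the thread (assumed layout, see lead-in)."""
    m = re.match(r"^([A-Za-z]:\\.*\\[^\\\s]+)\s+(.+)$", line.strip())
    if not m:
        raise ValueError(f"unrecognised line: {line!r}")
    return PureWindowsPath(m.group(1)), m.group(2)

def in_java_cache(path):
    """True when the file lies below a ...\\Sun\\Java\\Deployment\\cache folder."""
    parts = [p.lower() for p in path.parts]
    n = len(JAVA_CACHE)
    return any(tuple(parts[i:i + n]) == JAVA_CACHE for i in range(len(parts) - n))

def triage(mbam_log, eset_lines):
    """Combine both reports into one summary a helper can read at a glance."""
    mbam = parse_mbam(mbam_log)
    hits = []
    for line in eset_lines:
        path, threat = parse_eset_line(line)
        hits.append({"file": path.name, "threat": threat,
                     "location": "java-deployment-cache" if in_java_cache(path) else "other"})
    return {"mbam_scan_type": mbam["scan_type"],
            "mbam_total": sum(mbam["counts"].values()),
            "eset_hits": hits}
```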