Cannot find out how to get rid of win32/crypt.exe virus

Status
Not open for further replies.

jimflint1

I've tried all the trojan etc. fixes suggested by Howard for generalized fixes, but I can't figure out how to get rid of this virus. Apparently it changes names every time you shut off the comp, so should I leave my comp on until it's solved or what? Do you have any ideas for ridding myself of this pest?

Thanks,

Shane
 
Hi Howard. Here are my hijackthis log and AVG antispyware log. I actually have done this twice (your outlined procedure). I did it the second time because I wasn't sure I'd done everything exactly right, so the AVG log doesn't show anything--or maybe it's not supposed to. Anyway, here they are:
 
Your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of jimflint1 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Howard, I just ran the AVG Virus Scan again and it's still showing the Win32/Crypt.exe virus.
 
Download and run this tool HERE.

Please let me know the results.

If AVG still finds the virus, please let me know the full filepath to it.

Regards Howard :)

 
The tools turned up nothing, but AVG still did. I found the full path to the file containing the virus. Here it is: C:\Documents and Settings\Shane.EHANMIGDAINE\Application Data\IDM\DwnlData\Shane\TRUE_89
 
Ok, download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Let me know the results and post a fresh HJT log.

Regards Howard :)

 
Howard, you are a saint! The file appears now to be gone. I appreciate your time and advice very much. Here's my hijackthis log below.

Best wishes,

Shane
 
Your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Yikes, Howard, I think I still have it. I ran another virus scan just a few minutes ago and the same virus turned up again, with another path. The former path was c:\documentsandsettings\shane.ehanmigdaine\applicationdata\IDM\downldata\Shane\TRUE_89

Now the virus is back again with this path name: C:\!killbox\true_89\TRUE

Or, does this mean it's quarantined in killbox?
 
That's the killbox backup of the file you deleted. Just delete the killbox backups file.

Regards Howard :)

 
More and more pop-ups

I'm getting flooded with pop-ups these days and I don't enjoy having to click on them to get rid of them. Any good ways to block them?
 
Post a HJT log as an attachment and I'll take a look.

Regards Howard :)

 
I have merged your new thread into this one.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

QFSCHD110.EXE

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.usefulware.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.usefulware.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.usefulware.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.usefulware.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com

O4 - HKLM\..\Run: [QuickFinder Scheduler] "F:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"

Click on the fix checked button.

Close HJT.

Reboot your system and post a fresh HJT log. Let me know if you're still having problems.

Regards Howard :)
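
As an added example (not part of the original posts and not HijackThis's own code), the fix list above can be parsed to show that all five R0/R1 search settings point at a single host, and to pull out the image name of the O4 autorun so it can be matched against the Task Manager process list. The `EXPECTED_HOSTS` allowlist and the function names are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict
from urllib.parse import urlparse

# Lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.usefulware.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.usefulware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.usefulware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.usefulware.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com
O4 - HKLM\..\Run: [QuickFinder Scheduler] "F:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
"""

# Assumption: hosts the reviewer expects to see in IE search settings.
EXPECTED_HOSTS = {"www.microsoft.com", "go.microsoft.com"}

R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),([^=]+?) = (.*)$")
O4_LINE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")

def parse(log):
    """Split log lines into IE setting entries (R*) and registry autoruns (O4)."""
    settings, autoruns = [], []
    for line in map(str.strip, log.splitlines()):
        if m := R_LINE.match(line):
            keys = ("code", "hive", "key", "value", "data")
            settings.append(dict(zip(keys, m.groups())))
        elif m := O4_LINE.match(line):
            location, name, command = m.groups()
            autoruns.append({"location": location, "name": name,
                             "command": command.strip('"')})
    return settings, autoruns

def unexpected_search_hosts(settings):
    """Group IE settings by URL host, keeping only hosts outside the allowlist."""
    by_host = defaultdict(list)
    for s in settings:
        host = (urlparse(s["data"]).hostname or "").lower()
        if host and host not in EXPECTED_HOSTS:
            by_host[host].append(f'{s["hive"]}\\{s["key"]},{s["value"]}')
    return dict(by_host)

def autorun_images(autoruns):
    """Return executable names to look for in the Task Manager process list."""
    return [ntpath.basename(a["command"]).upper() for a in autoruns]

if __name__ == "__main__":
    found_settings, found_autoruns = parse(SAMPLE_LOG)
    print(unexpected_search_hosts(found_settings))
    print(autorun_images(found_autoruns))
```

The parser only lists autoruns for review; it makes no judgement about whether an entry such as QuickFinder Scheduler is wanted.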

 
Your HJT log is clean.

Regards Howard :)

 