I Can't Remove Virus (Win32/Crypt.Exe)

By ComputerNo0b
Oct 24, 2007
Topic Status:
Not open for further replies.
  1. I can't remove the virus stated in the title.
    I tried KillerBox but i can't seem to run it.
    This is the message that appeared when i tried to remove it.
    "This application has failed to start because MSVBVM60.DLL was not found. Re-installing the application may fix this problem."
    I downloaded KillerBox alot of times but i just can't seem to run it.
    I keep on seeing that AVG Antivirus has found the virus and i move it into the virus vault, but there are endless amounts of them. I tried SpyCatcher, Windows Defender and Ad-Aware but none of them seem to work.
    It is very annoying and i wish to stop this as soon as possible.
    [Edit] I am also unable to download HijackThis as it also displays the same error message.
  2. Rik

    Rik Banned Posts: 4,985

    Hi ComputerNo0b and welcome to TechSpot. :wave:

    You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

    Please download FindAWF to your Desktop.
    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.
    Please post the result of this scan before proceeding.

    If you encounter problems, go straight to step 3 in the link below and run an online virus scan.

    Then you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    I can't find the dslreports links in the CLEAN or REFORMAT thread.
    It's taking so long to search..
    Btw, Hi rik.

    Finally. FindAWF completed searching.
    [edit] I attached the document.
    Btw, There's some kind of buzzing noise in my computer. Is it a problem?

    Attached Files:

    • awf.txt
      File size:
      280 bytes
      Views:
      5
  4. Rik

    Rik Banned Posts: 4,985

    Your awf log is clean. You need to do as much of the other scans as you possibly can.

    If the links wont work for you. Go to http://housecall.trendmicro.com/ and do an online scan.


    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    Trend Micro said that my internet connection was very slow. :mad: It IS very slow.. It's almost 7pm here in Singapore and i hafta go eat soon.. Mum is hopping mad and i don't know what to do. I'm worried for the computer...
    [Edit] I was looking at AVG Antispyware's scan log when i saw that ALL of the "Infected" files were just tracking cookies.
    PS: I'm doing a quick scan.
  6. Rik

    Rik Banned Posts: 4,985

    If you are sure that it is a virus problem that you have then you will need to persevere with the online scan.


    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  7. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    I think this is where the virus is "hiding".
    AVG's virus vault showed me this.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Comtent.IE5\VH2P50K0\ps19[1].exe
    [edit] Your words gave me strenght! (puts on 'Victory' headband)
    Just joking.. i'm gonna go bathe now.
  8. Rik

    Rik Banned Posts: 4,985

    Within internet explorer, click on Tools then Internet Options, then Temporary Internet Files, Delete Files and see if that helps.

    It will clear all your tempory internet files so it may take a while to visit previously visited sites for the first time.



    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  9. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    Oh, I din't see that first post. I'm sorry.
  10. Rik

    Rik Banned Posts: 4,985

    That is not an ATTACHMENT.


    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  11. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    I scanned it.. but no log came out..
  12. Rik

    Rik Banned Posts: 4,985

    Your avg log says "no action taken". You need to get it to delete all entries.

    I now need the rest of the requested logs.



    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  13. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    I deleted all of the files.
    I can't find Trend Micro's log.
    I need to go and sleep now, it's 9.39pm now.
     
  14. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    The links for the dslreports are working fine, I`ve just checked.

    Forget the panda online scan if you`re having problems and continue with the rest of the instructions.

    Then, post the requested log files as well as the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  15. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    I found something in my AVG's scan.
    It was the file sent to me!
    image07.zip and image09.zip.
    and ps[1].exe.
    image 07 and 09 are trojan horse IRC/BackDoor.SdBot3.
    ps[1].exe is the virus! Win32/CryptExe.

    Should I delete all the files in C:\Compaq_Owner\Local Settings\Temp ?
    I found the virus zip folder inside it.
  16. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Yes, you should delete them.

    Regards Howard :)

    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  17. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    Wow. I deleted 2212 items at one go.
    WAIT! i can't delete fnm100, it's being used by another computer or program.
    It's giving me this message.
    "Cannot delete fnm100: it is being used by another computer or program.

    Close any programs that might be using the file and try again."

    The files i deleted RESTORED THEMSELVES!
    I refreshed it.
    Then all the files came back!
  18. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Don`t worry too much about that at the moment.

    Just, follow the instructions, then post the 3 requested log files as well as the Panda Antirootkit scan results.

    Regards Howard :)

    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  19. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    I can't download HijackThis.
    Bringing
    Up
    My
    Post.

    I'm going to run Combofix now.
  20. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    If your system is so badly infected that you can`t follow the instructions, then it seems like you don`t have much choice but to re-format.

    Sorry, but we can`t help you without seeing the requested logfiles.

    Regards Howard :)

    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  21. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    Why did ComboFix try to change my Internet browser settings?
  22. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    It does that to me as well. I use FF as my default browser and after running Combofix, it always changes mu default browser back to IE.

    Plus, if it detects infection within your browser, it has to change it in order to get rid of the infections.

    This thread is now at 23 posts long and is getting us nowhere.

    Unless you are able to post the log files, You really need to consider a format. It really is that simple.

    Edit: Please stop making multiple posts. If you forget anything, you should use the edit button, rather than making a new post, when there are no other replies in between.

    Regards Howard :)

    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  23. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    Okay. I'll take note of that. Here's the ComboFix log.
    `Going to scan with antirootkit now.
    -It said no rootkits were found.
    [edited]
  24. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT, Combofix and AVG Antispyware log.

    I also want to know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of ComputerNo0b only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  25. ComputerNo0b

    ComputerNo0b Newcomer, in training Topic Starter Posts: 25

    I don't know what happened. After the 1st restart, i logged in again but suddenly, the computer restarted itself again.
    PS:I really don't know what happened.
    Would a Full System Restore help the computer to restore it's original factory settings without harbouring any viruses?
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.