[LaVondra]

I recently got a weird screen on my computer so I decided to scan it with my AVG and I had 104 infections from a virus called Win32/cryptor. But everytime I try to remove it with AVG it doesn't work. So I ran my Malwarebytes program that I already had on the computer( After I updated it of course) but it only found 2 files infected and I was puzzled about what happened to the other 102?? So I ran AVG again and they were still there! I went online and did some research on how to remove it but everything I find is saying to download Malwarebytes and run it but I already have it and it hasn't removed this virus! I really need my computer for school and can't afford to pay somebody to come fix it! Can anyone tell me step by step what I need to do? And please, I'm still fairly new at this so details would help me alot!

[Advertisements]

Hello LaVondra,

Welcome to Geekstogo.

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. In your case I am assuming you have AVG8.
  
  How to disable AVG's Resident Shield.
  
  Right click the AVG icon and click Open.
  
  In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[emeraldnzl]

Hello LaVondra,

Welcome to Geekstogo.

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. In your case I am assuming you have AVG8.
  
  How to disable AVG's Resident Shield.
  
  Right click the AVG icon and click Open.
  
  In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[emeraldnzl]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[emeraldnzl]

Reopened at users request.

[LaVondra]

Ok. before I do anything I just wanted to let you know that I got rid of AVG and downloaded Norton 360, but it hasn't really helped because a lot of my programs still wont open.

[emeraldnzl]

Have you tried to run ComboFix yet?

Note: You will need to disable your anti-virus, anti-spyware programs etc.

[LaVondra]

I'm downloading it now

[LaVondra]

ok i've tried to open one of those links numerous times but everytime I click on one the window freezes up and goes to not responding.

[emeraldnzl]

I have just tried with my computer.

Link 2 and link 3 worked for me. Did you try them?

[emeraldnzl]

By the way make sure your AVG Resident Shield is off. It or another anti-malware tool like a firewall for example often stop our tools from downloading.

If none of that works let me know.

[LaVondra]

I don't have AVG anymore but i did disable Norton 360 and my firewall. Alot of my programs wont open anymore and when i try to open any one of the links it freezes for a while and then the window says Not Responding.

[emeraldnzl]

Hello LaVondra,

See if you can update your Malwarebytes and run a scan. Post the log created back here.

Next

See if you can download and run this:

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Under the Standard Registry box change it to All.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

So when you return please post

• MBAM report
• OTL logs - OTL.txt and Extras.txt

Note: If you can't carry out any of the above come back and tell me.

[LaVondra]

Ok I'll scan it tonight and get back with you tomorrow after work! Thanks

[emeraldnzl]

Okie dokie

[LaVondra]

Hello again! Ok I was able to scan the computer with my Malawarebytes but only a quickscan would work, but this darn computer will not download a thing! OTL kept freezing on me as well! Hopefully something willl work today so I don't throw this thing out of the window! Here's the MBAM Log:

Malwarebytes' Anti-Malware 1.39
Database version: 2548
Windows 5.1.2600 Service Pack 3

8/18/2009 11:55:41 PM
mbam-log-2009-08-18 (23-55-41).txt

Scan type: Quick Scan
Objects scanned: 23768
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)