Win32/Cryptor Virus Is There Any Hope ?

Do it in safe mode.

ok restarted my computer and now its in startup repair mode and attempting the reapairs is this ok ?

its saying it will take several mins to finnish
should i leave it to do that or shut it down again and start it in safe mode ?

What does the screen look like? Does something like a scan come out with percents?

no it says your computer was unable to start
start up repair is cheaking your systems for problems ......
if problems are found, Start up repair will fix them automatically. Your computer might restart several times during this process.
No changes will be made to your personal files or information. this might take several mins.
then theres a scan bar moving accross saying attempting repairs but there is no percent value showing

it just resarted the computer
it showed a vista background with no words now its just idleing with a black screen and the mouse arrow

I see, let it finish then go to safe mode.

ok still idleing shoulds i shut down and restart in safe mode manually or ????? leave it to idle on the black screen ?

Are you able to access task manager(Ctrl+Shift+Esc)?

no it wont let me

Then restart your computer in safe mode and see if you can see your desktop.

ok attempting now

ok I am at my desktop in safe mode all my icons are huge lol
now what ?

Do the following:

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

i cannot get on the net with my wifi while my laptop is in safe mode i am corisponding with u from my pc desktop

You need to boot in safe mode with networking to be able to use the internet:

Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then do the following instructions:

SHOULD I RUN COMBO FIX NOW ?

If you are in Safe Mode with networking yes.

OK RUNNING IN SAFE MODE WITH NETWORKING AND A MESSAGE POPPED UP SAYING WINDOWS MUST RESTART BECAUSE THE DCOM SERVER PROCESS LAUNCHER SERVICE TERMINATED UNEXPECTEDLY AND IT SHUT OFF AND I GUESS IS ATTEMPTING TO REBOOT NOW I AM AT A BLACK IDLE SCREEN AGAIN

WHAT SHOULD I DO NOW ITS NOT LOADING

this is frustrating

I know, but stay calm.
Combofix is not loading?

cheaking to see if combo fix works in safe mode without networking

Okay, let me know, and if not, we'll attack it manually rather than using Combofix.

ok double clicked on combo fix while in safe mode and a warning message has popped up saying Combo fix has detected the following real time scanners to be active
antivirus: AVG Anti-Virus
antispyware: AVG Anti-Virus
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. this may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking OK

i have not pressed anything yet and am waiting for further instruction
thank you

Hello.
Did you disable AVG before running Combofix? you have to go into the AVG control center and turn off the shield.

at this point should we attack it manually???

No, I've not seen AVG interfere in any of my cases. Go as far as uninstalling AVG if we have to.

ok yesterday i turned off the resident shield on avg in the control center so i could run the hijackthis scan the problem was after i turned off the resident shield i could no longer use normal mode because the virus wont permit it to load it just idles in black screen Win cryptor score 2
Home team score 0
i posted the hijack this scan but after that the virus invaded the laptop more because i guess i disabled the resident shield BAD IDEA before that i was still able to go on the net use normal mode and download the only thing that was happening was the resident shield kept pooping up saying it was infected now i cant do any of that and the computer only works in safe mode and i dnt think i can disable the avg while in safe mode or can I ??

waiting for next step

Ah.
Allow Combofix to run then, even if it's active, because it's in safe mode and won't interfere.

again thank u for your help and i do pledge allegance in the fight against these monstrosities through this experience not only do i hope to gain knowledge on getting back control of my laptop but i also would like to help others fight against this war on terror in the form of viruses!!!!
so they will not have to suffer the despair i have......
because this is utterly poposturouse

ok running combo fix now

ok combo fix message popped up and says
Rootkit!!
ComboFix has detected the presence of rootkit activity and needs to reboot the machine.
Kindly note down on paper, the name of each file we may need it later
C:\Windows\system32\drivers\UACnrryvpcimctxiwqpj.sys
C:\Windows\system32\UACtloexwmvapmdxehpm.dll
C:\Windows\system32\UACqemqpysdqcfcpowpu.dll
C:\Windows\system32\UACifiveebsnnwtbupqb.dat
C:\Windows\system32\UACgpmotwvpqyqeauptj.dll
C:\Windows\system32\UACnbofqwxarxnjrsxea.dll
C:\Windows\system32\UACxxwvvgtjkrlytoonp.log
and it has a tab OK
now should i go ahead and press ok and after which i do so will it automaticaly reboot in safe mode or do i have to press F8 and do it manually so it will go to safe mode

waiting for instruction

Hello.
I already know there would be a rootkit, so hit ok and it continue.

ok but when it reboots should i pressF8 or would it reboot in safe mode automaticaly ?

Press F8.

ok the system has rebooted and i have pressed F8 for it to run in safe mode again ready for the next step

It should of continued after reboot, if it's finished, please post the log.

it didnt continue its just showing the desktrop and its in safe mode

Hmm. Reboot normally and see if you can get into normal mode this time.

ok rebooting normally now

still booting

ok i still have the black screen in normal mode with the mouse pointer as the only thing showing

ok it has been 3 hours in normal mode and there is still just a black screen with just the mouse pointer should i shut down and restart in safe mode again ?

ok in safe mode again
waiting for instructions
this is utterly rediculouse

i think i am at the point where i have take the virus out manually

Okay, lets use something else.

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

The log maybe quite long, so please upload the log to rapidshare.com

Please read all of the posts before making suggestions
my laptop is only running in safe mode so i cannot download any thing to it .
I am corresponding on My Pc desktop which is how im getting online my laptop wont get online , I was told in order to run hijack this and paste the scan no, one hes even referd to that and i had to diable my resident shield in order to do the hijackthis thing at which point the virus got aggressive so please read all of the posts b4 u make suggestions due to the fact i dnt want to make it worse than it already is .......

There's a rootkit on this machine, HJT won't do anything for that, not powerful enough.
That's why I wanted to use GMER, it can find the rootkit, then we can kill it.

Use a USB stick to transfer tools across from if needed.