Win 32/ Cryptor, then Antivirus Pro, now, program to big for memory

Hello.

I am having a few "issues". I have the Win 32/ Cryptor virus. I tried Malware Bytes and Spybot S&D to no avail. Last night I started getting the Antivirus Pro pop-ups. Now when I boot up I get multiple command prompt screens. When I tried to download Hijack this, I get "Program to big for memory". The same thing happens when I try to open Malware or Spybot. Help.

Oh, I have AVG, Malware, and Spybot installed.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

So, I tried to open and disable my AV and anti-malware and it won't let me open it. I keep getting "program to big to fit in memory". I got AGV to open under Run as, but when I go to disable Resident Shield it denies the operation. When I try to open MBAM I get "runtime error 481 invalid picture.

I tried this in Safe Mode w/networking with the same result.

I downloaded Combo Fix, but when I try to run it, I get the "program to big for memory" pop-up and it won't run.

Also when I log on to my account, I get alternating command prompt screens, "desot.exe" and "ntvdm.exe"

Hmmm...

bumpity bump. thanks.

Hello.
Delete this file in bold:
C:\Windows\system32\desot.exe

Now when you run things, do you get an "open with" menu on everything?

i have the same problem and i deleted that desot.exe file and now i get "open with" when i click on programs

k-morelli - Please start your own topic.

Belahzur wrote:

Hello.
Delete this file in bold:
C:\Windows\system32\desot.exe

Now when you run things, do you get an "open with" menu on everything?

So I deleted the file and I do not get the "open with" menu on anything. However I now have 2 "antivirus" programs that I did not download.

1. Advanced Virus Remover with an official looking windows avatar

2. Antivirus Pro_2010

They keep popping up.

When I try to open MWB or Spybot I get a warning, "Windows cannot access the specified device, path, or file. You may not have permissions to access the item."

How to proceed? Thank you.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
scecli.dll
netlogon.dll
eventlog.dll
cngaudit.dll

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

Due to lack of response, this topic is now closed.

If you need the topic reopened, PM an administrator or moderator.