I'm not sure if posting a solution as a thread here is allowed; I skimmed the rules but didn't see anything saying no. So sorry if this is in violation, I sincerely apologize. (All I saw was no posting in other members' threads unless approved staff.)
Anyways, I was called over to a friend's house who had been recently infected with the new cryptor.
I was able to stop it, and get rid of everything. Following are the system spec and what I did. Hope it helps you out.
Windows XP Service Pack 3;
First thing I noticed was that there was a program named WinPC trying to get you to "purchase" its antivirus as it has found 13 threats on your computer. Now, this MAY or may not be part of cryptor, not sure, as no one else has mentioned this.
Secondly, all links from Google, Yahoo etc. would be automatically redirected to some ad revenue site. As well, when I tried to scan/install ANYTHING to do with antivirus (e.g. Kaspersky, AVG, Malwarebytes etc.), it would lock up and say it's an attacker. Anything that was already installed would simply lock up and freeze the computer when I would scan (lock up after roughly 50%... once it hit temp internet files OR system32 files).
After playing with Avenger and Malwarebytes, with no luck (would either not let me open it, or would reboot the computer automatically before anything could be done), I booted in safe mode with networking (I'm sure plain ol' safe mode would do the trick too) and installed Malwarebytes.
NOTE: After doing some searching I noticed Malwarebytes (the update on May 8th 2009) seemed to be helping people out keeping the virus at bay. After doing a QUICK scan in safe mode, it found 42 items, and with ease removed them. It then asked that I reboot to remove the rest (which it didn't specify what).
Upon reboot I noticed WinPC was gone, and Google etc. seemed to be working fine.
Lastly, I went into my system folders and got rid of all UCA----------- files, and rebooted one last time.
After all was said and done I tried searching my registry and system, and ran my virus scans over once more, and to my delight found nothing, and all seems to be running well. (HijackThis log seems to be clean as far as I can see too.)
CONCLUSION > From what I understand Malwarebytes has cracked this virus; you just need to boot in safe mode to ensure the virus doesn't lock you out and play its games.
So to all of you that are still fighting with this virus, try to simply scan with Malwarebytes (or, from what I have read very recently, AVG Free) from safe mode, and let me know how it goes.
Solved for me on May 12/2009 10:32pm
(Fun fact... in the registry, before Malwarebytes removed it, I found the following entry: "Created by N!ghtW!sh, f***ing you since 2000 month 02. Kreator of the best f***ing viri in the world. Cryptor V3 Rogue Edition, spawned from hell on apr 19/09")