Spyware, viruses, & security : Help Me !! PC infected by ViCrypt Error
Help Me !! PC infected by ViCrypt Error
by jainsonrj007 - 10/6/09 3:19 AMhey guys,
my PC's My Document is infected by ViCrypt error due to which all the files in the My Document folder whether its word file or Pdf or even a mp3 one has got a ViCrypt extention..Is there any way i can disinfect them..I dont wann lose my those files..Those are very important ones..Please if any one can help me..
You could give the following a try....
by Marianna Schmudlach
- 10/6/09 6:51 AM
In reply to: Help Me !! PC infected by ViCrypt Error by jainsonrj007
Please download Malwarebytes Anti-Malware (v1.33) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.
Notes: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. Click this link to see a list of programs that should be disabled.
Download and scan with SUPERAntiSpyware Free for Home Users
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
Reply
by jainsonrj007 - 10/6/09 8:45 AM In reply to: You could give the following a try.... by Marianna Schmudlach
Thanks Marianna, its very kind of you to take out time to help me.
This is the log report of Malwarebytes' Anti-Malware 1.41 after the scan. I am sorry to say but it couldn't disinfect the ViCrypt error files. I have Kaspersky Internet Security 2010 installed on my PC, but it does not deduct ViCrypt error. Hope u can give me any other way. Again thank you for your time.
Malwarebytes' Anti-Malware 1.41
Database version: 2915
Windows 5.1.2600 Service Pack 3
10/6/2009 9:08:18 PM
mbam-log-2009-10-06 (21-08-18).txt
Scan type: Quick Scan
Objects scanned: 96813
Time elapsed: 4 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
Can you still SEE this file..
by Marianna Schmudlach - 10/6/09 8:58 AM
In reply to: Reply by jainsonrj007
C:\Program Files\Setup.exe (Rogue.Installer) ??
If YES, go into SAFEMODE and delete it from there. You also could try running SuperantiSpyware .
No Effect..!!
by jainsonrj007 - 10/6/09 11:02 AM In reply to: Can you still SEE this file.. by Marianna Schmudlach
I have deleted the file C:\Program Files\Setup.exe from the Malwarebyte's Quarantine list. I have checked it also in Program files it not there now. I have also installed the SuperAntiSpyware & scanned with it the entire PC but it was unsuccessful in dealing with ViCrpyt error. Plz help me for the same.
In that case, I would suggest....
by Marianna Schmudlach - 10/6/09 11:10 AM
In reply to: No Effect..!! by jainsonrj007
downloading HiJackThis from here:
http://free.antivirus.com/hijackthis/
Using HijackThis
To analyze your computer, start HijackThis and run a scan. See the Quick Start Guide [link to Quick Start, FAQs and Feedback] for help in running a scan.
Then post your log at ONE of the following HJT forums:
http://www.malwarebytes.org/forums/index.php?s=3bc54148eb5885f4b8c7295fa434fb79&showforum=7
http://www.bleepingcomputer.com/forums/forum22.html
http://www.geekstogo.com/forum/index.php?s=e39ad7e237ae123f43517316e44bf4bf&showforum=37
http://www.spywareinfoforum.com/index.php?s=5028cc67f4e5562d636b9a77c9017749&showforum=18
http://forum.gladiator-antivirus.com/
they will analyze your log and give you instructions what to do.
Good Luck !
delete vicrypt :-D
by koza850914 - 10/26/09 1:14 PM In reply to: Help Me !! PC infected by ViCrypt Error by jainsonrj007If You wont DELETE vicrypt error without 19,99E or else , but you will LOST EVERY file with .vicrypt do this:
1)if you install some program and then you see vicrypt error delete this program (my was: rapidsharedownloader )
2)delete folder which exist this program in Program Files
3)delete all damage files and folders
4)go to Start->Run->regedit
5)edit->search->regdtopd
6)delete and press F3 delete again and F3 and delete...(all keys)
7)exit regedit
8)reboot - your computer is free of vicrypt error :-D
PS.Sorry to my language 
Little clarification
by jainsonrj007 - 10/28/09 6:29 AM In reply to: delete vicrypt :-D by koza850914hi..thankz for writing in..u said that i will lose every file infected by vicrypt error..is there any way i can heal my files infected by it..i also didnt get u in relation to "If You wont DELETE vicrypt error without 19,99E" you have written..what is 19,99E..is it necessary to go through the process u have written..instead we can also delete it write away also..
Symantec has released a Tool
by Quads - 10/29/09 9:10 PM In reply to: Little clarification by jainsonrj007Hi
Symantec has released a tool to decrypt the files encrypted with .viscript
See post on message thread
http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=83945#M83945
Quads
Antivicrypt,
by president009 - 10/30/09 12:01 AM In reply to: Help Me !! PC infected by ViCrypt Error by jainsonrj007I use Antivicrypt. Just test it and maybe it will help you.
but you need to know that:
What is Vicrypt?
Vicrypt seems to be a malware and it has been out since around May 2008.
What Vicrypt does?
Vicrypt damages lots of files on the user's computer, rendering them unreadable and changes the the file's extension to ".viCrypt" making the files more unreadable thus crashing programs and applications utilizing the damaged files. Emails are also affected with vicrypt. Most of the time Vicrypt starts by displaying a message "Vicrypt Error".
Antivicrypt..
by jainsonrj007 - 10/30/09 3:35 AM In reply to: Antivicrypt, by president009I had used the Antivicrypt software but the problem is that it repairs only 7 files in its trial version. For repairing all the files one will have to buy the software which is way too expensive at 40 dollars. Do you known any free software..
Symantec Removal Tool
by Carol~ - 10/30/09 4:19 AM
In reply to: Antivicrypt.. by jainsonrj007
jainsonrj
Please see this post by "Quads", with the subject "Symantec has released a Tool". He references a post created by a Symantec employee (DesiT) last night, at the Norton Community Forum, which (in part) say:
'...We created a tool to recover files which have been encrypted and renamed to 'vicrypt'. The tool is freely available here. It was posted onto our server just a couple of hours ago. The tool is for one strain of the malware that we could locate encrypting people's files.'
The Trojan.Ramvicrype Removal Tool can be downloaded from here, if you wish to give it a try:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-102921-3210-99
I haven't had cause to use it myself, but it might be worth a try.
Carol
It Worked...
by jainsonrj007 - 10/31/09 12:35 AM In reply to: Symantec Removal Tool by Carol~
I used the Symantec Removal Tool and guess what is worked very well. It replaced the infected files to its normal condition. It hardly took 5 minutes to do all this. Great Tool!! Thank you Everyone for helping me out..
Regards,
Rishabh
Good News! Something of possible interest..
by Carol~ - 11/3/09 6:46 AM
In reply to: It Worked... by jainsonrj007
Rishabh..
I'm sure I share the same sentiments with everyone who helped, when saying, it's good to hear you got your files back. Although a few days old, you might find the following of interest. It's from Symantec's Security Blog.
"Tales from the Crypt"
Carol
Free tool to decrypt and more information from Symantec
by tenctenc - 10/30/09 7:20 AM In reply to: Help Me !! PC infected by ViCrypt Error by jainsonrj007Free tool to decrypt and more information from Symantec
http://www.symantec.com/connect/blogs/tales-crypt
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
