I have Avast 4.8 home with the latest iAVS running. I’ve performed a thorough scan of all hard drives & have also done an on-start-up scan. It hasn’t picked up any viruses.
But when I insert an empty CF card into my computer, a file called crypt.exe and an autorun.inf file got copied onto it. I guess that this is a virus trying to spread itself.
I’ve never had a situation that Avast would not be able to identify and clean a virus. What can I do to clean my machine (short of reinstalling my XP SP3)?
* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder…it will help protect your drives from future infection.
You could also perform an additional scan with stinger.exe: Free worm removal tool; McAfee Avert Stinger: http://vil.nai.com/vil/stinger/ Use the latest online version of it; you can use it alongside your resident avast av-solution.
It still could be a false positive. Also send it here: http://anubis.iseclab.org/?action=home
Report the results here. As crypt.exe can be a FP, I would like to hear the verdict of the Vienna university scanner.
Send the sample to virus@avast.com, zipped and password protected, with the password in the email body (a link to this topic might help) and "undetected malware" in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
I did a very extensive survey online for crypt.exe and this has led me to believe rather strongly we have a false positive here. If not I am not going to eat my hat, but I will fast for a day at least.
Very curious after the anubis results. What is your view on the matter? Oh, I see you have given that above, well in that case we have a secondary infection of crypt.exe through the auto-run infector.
Well there are some that may just be using a legit file to encrypt folders, etc. autorun.inf could launch an application, which in turn could use crypt.exe to encrypt folders/partitions, etc. Something along the lines of a ransomware attack (speculation though) ???
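
Added example, not part of the thread: a Python check that looks at the root of a removable drive and reports whether autorun.inf is the protective folder described above or a file whose [autorun] section launches a program. The temporary directories and the autorun.inf contents are constructed sample data, and `inspect_autorun` and `demo` are hypothetical names.

```python
import os
import tempfile

# [autorun] keys that start a program when the drive is opened or autoplayed.
LAUNCH_KEYS = ("open", "shellexecute")

def inspect_autorun(drive_root):
    """Classify the autorun.inf entry at the root of a drive."""
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(path):
        # A folder with this name blocks creation of a file of the same name.
        return {"status": "placeholder-folder", "targets": []}
    if not os.path.isfile(path):
        return {"status": "absent", "targets": []}
    targets, section = [], ""
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
                continue
            if section != "autorun" or "=" not in line:
                continue
            key, value = line.split("=", 1)
            key = key.strip().lower()
            # shell\<verb>\command entries also launch a program.
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                targets.append((key, value.strip()))
    status = "launches-program" if targets else "file-no-launch"
    return {"status": status, "targets": targets}

def demo():
    # Constructed sample: two temp directories stand in for drive roots.
    with tempfile.TemporaryDirectory() as card, tempfile.TemporaryDirectory() as cleaned:
        with open(os.path.join(card, "autorun.inf"), "w") as fh:
            fh.write("[AutoRun]\nopen=crypt.exe\nshell\\open\\command=crypt.exe\nicon=folder.ico\n")
        os.mkdir(os.path.join(cleaned, "autorun.inf"))
        return inspect_autorun(card), inspect_autorun(cleaned)

if __name__ == "__main__":
    print(demo())
```

Point `inspect_autorun` at a real drive root (for example `E:\`) to see which executable an autorun.inf on that card refers to before deciding what to submit for analysis.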