Avast also told me that WIN32:CRYPTO infected my c:\windows\vmmhiber.w9x file with 2 warnings that cite the same path and file. Google located descriptions of the virus that indicate it attaches to the kernel32 file with certain signatures and can be very destructive but none mention whether it affects Windows ME. My kernel32 file is free of the signatures, but a search for the vmmhiber.w9x file yields no results.

  1. Why can’t I find the file that Avast cites as infected?
    2.I did not instruct Avast to do anything with this virus since the virus information (Symantec url http://securityresponse.symantec.com/avcenter/venc/data/w32.crypto.html ) states that deleting it takes out the files that the virus has encrypted, and that one must reinstall uninfected backup files which I don’t think I have.
  2. I have recently been getting error messages that the kernel32 has caused an error and will shut down (and the same type message for some other dll’s also, but when I shut down and reboot, the error messages do not reappear until I have shut down and rebooted 2 or 3 times. Then they show up again and I have to shut down and reboot again.
  3. Symantec states the following:

"The virus targets the following anti-virus files:
AVP.CRC
IVP.NTZ
ANTI-VIR.DAT
CHKLIST.MS,
SMARTCHK.MS
SMARTCHK.CPS
AGUARD.DAT
AVGQT.DAT
LGUARD.VPS

W32.Crypto does not infect popular anti-virus software or some other common applications that have self-check routines. It will refrain from infecting programs with names beginning with:

TB
F-
AW
AV
NAV
PAV
RAV
NVC
FPR
DSS
IBM
INOC
ANTI
SCN
VSAF
VSWP
PANDA
DRWEB
FSAV
SPIDER
ADINF
SONIQUE
SQSTART"

I assume this includes Avast.