Win32:PrefPoly [Cryp] does anyone...

Know what this is? Only avast pro found it… Thanks.

Some sort of fake video from a spam email which actually installs some sort of scamware?

Mind you, I did get a piece of software that was cracked from a friend. Could this be a false positive because of the crack? When I scanned with AV it said there were no problems; it only came up when I was installing the software… Thanks again for your time…

If the file is not too big, you can submit it to VirusTotal for analysis by multiple AV engines.

Cracks are very often just malware in disguise, so be careful.

Cracks, keygens, etc. are high-risk areas and are often accompanied by unwanted gifts. Apart from the moral/legal issue, who are you going to report it to?

I have the Win32:PrefPoly that appeared and it is nasty. It was identified by Avast Home Edition. It showed up on the laptop that is used to produce the PowerPoint for the church. The way I knew something was wrong is I received a spam notification wanting me to use the security firewall to eliminate 38 viruses. When I said sure (not realizing that it was not software that had previously been installed) it asked me to choose a method of payment, either MasterCard or Visa. When I backed out of the warning window, it continually popped up again and again as I was preparing the message for this morning's service. It put a security shield in the sys tray that I was unable to right-click and exit. The add/delete programs identified the security software and I tried to delete the program. It would not allow a delete. We are actually wiping the hard drive at this time and putting an all-new operating system on the laptop so that it can be used.

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the files to Quarantine than to simply delete them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or on this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

Step 3 will help you to get rid of rogue programs.