Crypt.O is a very intrusive adware that we classify as a trojan.
It is quite similar to another intrusive adware that we detect as
'Trojan.Win32.Agent.cs'.
The trojan's file is a DLL that is designed to be loaded at
Windows startup using the 'Winlogon\Notify' Registry key. As a
result the trojan is loaded as the component of one of Windows's
system processes and its removal or modification is impossible
when Windows is active. Moreover, the trojan blocks access to its
own file, monitors changes to its Registry keys and restores them
if they are modified or deleted.
Disinfection
So far we found the only reliable way to delete this intrusive
adware: to boot from Windows installation CD to Recovery Console
and to delete the malicious DLL file from a hard disk.
Alternatively you can use ERD commander or a bootable Linux CD to
access your NTFS partition and to delete the DLL file.
If you have F-Secure Anti-Virus, select 'Rename Automatically'
disinfection action for the On-Access Scanner (OAS) and reboot a
computer. FSAV should rename the DLL file before it becomes
active.
![](/images/pixel.gif"){kind=tracking}
