Trojan:W32/Crypt.O

Name: Trojan:W32/Crypt.O
Detection Names: Trojan.Win32.Crypt.o
Category: Malware
Type: Trojan
Platform: W32

Summary

Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.

Disinfection

So far, the only reliable way we have found to delete this intrusive adware is to boot from the Windows installation CD into the Recovery Console and delete the malicious DLL file from the hard disk.

Alternatively, you can use ERD Commander or a bootable Linux CD to access your NTFS partition and delete the DLL file.

If you have F-Secure Anti-Virus, select the 'Rename Automatically' disinfection action for the On-Access Scanner (OAS) and reboot the computer. FSAV should rename the DLL file before it becomes active.

Additional Details

Trojan:W32/Crypt.O is a very intrusive adware program, quite similar to another intrusive adware that we detect as 'Trojan.Win32.Agent.cs'.


Installation

The trojan's file is a DLL that is designed to be loaded at Windows startup using the 'Winlogon\Notify' Registry key. As a result, the trojan is loaded as a component of one of Windows' system processes, and it cannot be removed or modified while Windows is active.

Moreover, the trojan blocks access to its own file, monitors changes to its Registry keys and restores them if they are modified or deleted.
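The following is an added example, not F-Secure's code: a read-only audit that parses saved `reg query "<Notify key>" /s` output and reports Winlogon notification packages that differ from a known-clean baseline. The baseline, the sample output and the `exmpl` entry are constructed for illustration.

```python
import re

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*)$")

# Assumed baseline (subkey -> DllName) from a known-clean reference machine;
# illustrative only, build your own per Windows image.
BASELINE = {"crypt32chain": "crypt32.dll", "sclgntfy": "sclgntfy.dll"}

# Constructed sample of `reg query "<NOTIFY_KEY>" /s` output; the "exmpl"
# subkey and the DLL paths below are made up for this example.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    DllName    REG_EXPAND_SZ    crypt32.dll
    Logoff    REG_SZ    ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    DllName    REG_EXPAND_SZ    C:\Temp\sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\exmpl
    DllName    REG_SZ    C:\WINDOWS\system32\exmpl32.dll
"""

def parse_notify(text):
    """Return {subkey: {value_name: data}} for keys below Winlogon\\Notify."""
    packages, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith(NOTIFY_KEY.upper() + "\\"):
            current = packages.setdefault(line[len(NOTIFY_KEY) + 1:].strip(), {})
        elif line.startswith("HKEY_"):
            current = None  # a different key: ignore its values
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return packages

def audit(packages, baseline=BASELINE):
    """List (subkey, DllName, reason) for entries that differ from baseline."""
    findings = []
    for name, values in sorted(packages.items()):
        dll = values.get("DllName", "")
        expected = baseline.get(name.lower())
        if expected is None:
            findings.append((name, dll, "subkey not in baseline"))
        elif dll.lower() != expected.lower():
            findings.append((name, dll, "DllName differs from baseline"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_notify(SAMPLE)), sep="\n")
```

Because the trojan restores its Registry keys and blocks access to its file while Windows is running, treat a finding as a pointer to the DLL to remove offline, as described under Disinfection.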