| Name | W32.Crypto |
| Type | Virus |
| Affected | |
| Risk | Level 1: Very Low |
| Discovered | December 30, 1999 |
| Update | February 13, 2007 11:33:11 AM |
| Length | |
| Virus Info | W32.Crypto is not known to be in the wild yet. The payload for this virus is similar to the One_Half virus. This means the Crypto virus will encrypt the data on your hard drive, and if you remove the virus, the data will be inaccessible – and effectively held hostage. Crypto uses strong cryptographic algorithms to encrypt the data on the hard disk, making recovery unlikely without a backup.<br>W32.Crypto uses the Microsoft Crypto API to encrypt accessed DLLs on the system with an encryption key that is added by the virus to the infected system and installed in the registry as: SOFTWARE\Microsoft\Cryptography\UserKeys\Prizzy/29A. The virus first infects the operating system file KERNEL32.DLL. Once infected, KERNEL32.DLL controls all access to other DLLs on the system, and the virus encrypts all such accessed DLL files. While the virus is active in memory, it will automatically decrypt encrypted DLL files so they can be used. However, if the virus is not active in memory, the DLLs will not be decrypted and the system will fail to work. Unless the virus is active and running, all DLL files that have been encrypted will be inaccessible. This means that an infected system can only be cleaned by restoring all affected DLL files from backup copies and deleting all infected executable files. Data files are not encrypted by this release of the virus. |
| Threat Assessment | Wild / Damage / Distribution |
| Writeup By | Peter Szor |
| Details | W32.Crypto |
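A defender-side integrity check for the symptom this writeup describes, added here as an example and not Symantec's or the author's code: it flags .dll files whose bytes no longer parse as a PE image (a DLL encrypted as a whole no longer starts with its MZ/PE headers) and, on Windows, looks for the registry key named above. The writeup does not state the hive, so trying both HKLM and HKCU is an assumption, and the sample files are constructed.

```python
# Added defender-side check (not Symantec's code); sample files are constructed.
import os
import struct
import sys
import tempfile

CRYPTO_KEY_PATH = r"SOFTWARE\Microsoft\Cryptography\UserKeys\Prizzy/29A"  # from the writeup

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' stub and a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_non_pe_dlls(directory: str) -> list[str]:
    """Names of .dll files in directory whose bytes no longer parse as a PE image."""
    suspicious = []
    for name in sorted(os.listdir(directory)):
        if not name.lower().endswith(".dll"):
            continue
        with open(os.path.join(directory, name), "rb") as fh:
            if not looks_like_pe(fh.read(0x1000)):  # headers live in the first page
                suspicious.append(name)
    return suspicious

def crypto_key_present() -> bool:
    """Windows only: report whether CRYPTO_KEY_PATH exists in HKLM or HKCU; False elsewhere."""
    if sys.platform != "win32":
        return False
    import winreg  # standard library, Windows only
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):  # hive is an assumption
        try:
            winreg.CloseKey(winreg.OpenKey(hive, CRYPTO_KEY_PATH))
            return True
        except OSError:
            pass
    return False

def build_sample_dir() -> str:
    """Constructed sample: one minimal PE-shaped DLL and one header-less blob."""
    d = tempfile.mkdtemp()
    header = bytearray(0x80)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    header[0x40:0x44] = b"PE\x00\x00"
    with open(os.path.join(d, "good.dll"), "wb") as fh:
        fh.write(header)
    with open(os.path.join(d, "encrypted.dll"), "wb") as fh:
        fh.write(bytes((i * 37 + 11) & 0xFF for i in range(0x80)))  # no MZ/PE headers
    return d
```

Run `find_non_pe_dlls` against a system DLL directory to list files that no longer look like PE images; a hit on a file that should be a DLL, together with the registry key, matches the encrypted-DLL state described above.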