Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: This week my main pc was infected with Ransom:win32/Croti

31 Oct 2014   #1

Windows 7 Pro x64
This week my main pc was infected with Ransom:win32/Croti

This week my main pc was infected with Ransom:win32/Croti.
My main protection program is MS Security Essentials. I was a bit surprised since I routinely keep my virus def.s up to date & stay off of any risky (??) sites. (You’ve heard it all many timesJ) No other PC’s on my Home Network appear to be affected.
I’ve applied all the fixes recommended b y knowledgeable sites (MBAM, MBAM Anti Rootkit,
Rkil, etc. However, I plan to do a complete clean install(including pull Ram/Batt, write zeros to HDD, & the reinstall my WIN7 Pro x64.
My primary concern is can I recover any of my corrupted files which I can no longer read?) I do have some external backup files I can depend on but several recent files on the affected PC can no longer be read.

Thank you for any comments

PC Vitals:
ASUS FA85 Mobo
AMD A10 5800k
Win7 Pro 64bit SP1

My System SpecsSystem Spec
31 Oct 2014   #2

Windows 7 Pro 64-bit

Unless you pay the ransom you will have to restore from backup. Bunch of info here CryptoWall - new variant of CryptoDefense - General Security
My System SpecsSystem Spec
01 Nov 2014   #3

Windows 7 Pro x64

Thanks for the response cyberSAR:)

Started Clean install today - what a destructive virus/Trojan/et al

Learned a hard lesson regarding real time backup

Thanks again
My System SpecsSystem Spec

01 Nov 2014   #4

Windows 7 Pro 64-bit

Sorry for your bad luck but at least you'll have a fresh clean machine when done May want to look into CryptoPrevent
My System SpecsSystem Spec
01 Nov 2014   #5
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10

You might want to consider making a system image in case this happens again. It can be a lifesaver when disaster strikes. Keep it on an external drive & keep 2 or 3 previous versions in case you inadvertently make one with a virus or malware on it. That way you have a couple to fall back on.

Backup Complete Computer - Create an Image Backup

A system image is an exact copy of a drive. By default, a system image includes the drives required for Windows to run. This would be all NTFS formatted partitions or drives with an operating system installed on it (ex: C ) and the System Reserved partition are selected (checked) to be included in the backup and cannot be unselected. It also includes Windows and your system settings, programs, and files. You can use a system image to restore the contents of your computer if your hard disk or computer ever stops working. When you restore your computer from a system image, it's a complete restoration—you can't choose individual items to restore, and all of your current programs, system settings, and files are replaced with the contents of the system image.
My System SpecsSystem Spec

 This week my main pc was infected with Ransom:win32/Croti

Thread Tools

Similar help and support threads
Thread Forum
Infected by virtool.win32/obfuscator.XZ
Hi Got up this morning to a message that I had a problem. I scanned with MSE and it found virtool.win32/obfuscator.XZ but when I tried to 'clean' the system it seemed to fail. I found a similar post in this forum and so I ran F-secure and here is the report (I think this is what you...
System Security
Infected by virtool.win32/obfuscator.XZ on Windows 7
Hi All, My last MSE scan was in October of 2012, did a scan last night and found that I'm infected with virtool.win32/obfuscator.XZ. I tried to do some research before posting and found these two threads that are relatively recent: 1. Solved: Please help removing virtool:win32/obfuscator.XZ...
System Security
Win 7 Action Center reports pc is infected with win32/ trogan
Hello, My Windows 7 action center has told me to "remove the Win32/Small.CA virus from your computer". Although it provides very little assistance in removing the virus. The message first appeared on the 26 Dec 2012. My computer has blue screened several times over the last month although...
System Security
Warning! Glary Utilites/Iobit infected with Win32.Induc
Avast and Microsoft's MSE new updates are detecting Win32.Induc virus in Glary Utilites, Iobit and possible other programs compiled with Delphi. They're not false positives. More info here.. avast! blog Win32:Induc, new concept of file infector? Infection Win32:Induc Glary Utilities Pro...
System Security
themeui.dll infected with Win32.HLLM.Graz.based
Recently run DrWeb and got this message on Build 7000 :/ Anyone else?
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 20:40.
Twitter Facebook