W32.Crypto


Aliases: Win32/Crypto
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: dormant
Spreading: slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: easy
Platform: W32
Discovered: 30 Dec 1999
Damage: Low

Characteristics: W32.Crypto is not known to be in the wild yet, and it is somewhat similar to the One_Half virus in terms of its payload.

More details about W32.Crypto

The W32.Crypto program is not damaging to the system, but it can do things such as swapping the mouse buttons or disabling the keyboard. It is also said to encrypt the data on your hard drive. If the virus is manually removed after the data has been encrypted, the data will be inaccessible. It is as if the data were held hostage for as long as the virus is present in your computer. The virus uses strong cryptographic algorithms to encrypt the data on the hard disk, making recovery unlikely without a backup. So, if your computer or laptop has a backup facility, make sure it is enabled so that the system can easily be brought back to working order.

As its name implies, it uses strong cryptographic algorithms, written and built with the Microsoft Crypto API, to encrypt accessed DLLs on the system with an encryption key that the virus adds to the infected system. It infects the Windows operating system file KERNEL32.DLL, thereby taking full control of other DLL files. The virus also avoids infecting specific system executable files that the operating system monitors for changes. The virus may add infected files to archives of certain antivirus programs such as AVP.CRC, IVP.NTZ, ANTI-VIR.DAT, CHKLIST.MS, SMARTCHK.MS, SMARTCHK.CPS, AGUARD.DAT, AVGQT.DAT and LGUARD.VPS.