|win32/cryptor FIXED! Solved! For me anyway...|
A friend gave me his lappie to sort out. It had a free Norton antivirus compliments of Google Pack but it wasnt updating or uninstalling properly. Another problem was that on every reboot Google Updater complained of an error and shut down. And I couldn't un-install or re-install it properly either.
I downloaded and ran the latest AVG free. AVG even in safe or DOS mode was no good. It could see Cryptor but not delete it. I loaded spybot search and destroy, it seemed to install but would not actually load up properly although I got the tray icon.
I Googled win32/cryptor and somebody suggested Malwarebytes Anti-Malware. As I'd never heard of it I Googled that! I wouldnt want it to be another Antivirus 2009!
Download.com and Major Geeks were offering it so I thought it likely to be legit.
Downloaded it and then ran it, nothing... Downloaded from a second site, still nothing so more Googling. It was suggested that I rename the install file. Guess what it then installed! I did a reboot then ran the program, again nothing.
Just on a hunch I renamed the following executable file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe to mbamm.exe. Dont forget to let it go get the latest updates.
That did the trick! 10 minutes later all trace of Cryptor was gone. I rebooted then scanned with AVG which found nothing more than a few cookies. An Ad-Aware scan then turned up a load more cookies.
Chances are that renaming the appropriate Spybot exe file would have done the trick. If there is more than one executable in the directory take a look at the properties of the Start button Spybot link. That usually tells you which one you need to tinker with. Google seems to be behaving too.
The virus was clever enough to block certain executables by name. As soon as it didn't recognise the name it was possible to remove it.