Is cryptwin a virus / worm ?

  RoosterUK 11:37 30 Mar 04

Hi all

My PC has developed a problem.When trying to connect to the internet ( 56K Dial Up modem) the process fails with an Error 631: Port Disconnected and then a STOP Fatal System Error System File "cryptwin.exe".
If I then use Ctrl/Alt/Del there is a process running with the name cryptwin. If I stop this process I can then connect to the internet as normal. The cryptwin process returns on every startup.
I have no idea what this process/program is. The cryptwin.exe is located in the Windows/System Folder and from the date on the file I am fairly certain all that was done at that time were Emails.
Could this have arrived by email ?
Does anyone recognise this as a known virus/ worm?

I have been using Norton Antivirus but the subscription expired acouple of weeks ago so I dont have the very latest definitions.
I have a 30 day copy of Panda internet security on the PC advisor cover disc but to use this I am advised to uninstall Norton.I am reluctant to lose all the definitions I already have for Norton. Can I save these to reinstall at a later date?

So if anyone recognises this problem do they know how to uninstall and correct any registry settings ?

Any help appreciated


Using Windows ME , Outook Express.

  Giggle n' Bits 11:58 30 Mar 04

ref your virus software, I would update the subsciption to Norton as its good stuff.

You don't mention which windows you run.

  RoosterUK 12:14 30 Mar 04

I'm using windows ME.

If this isn't a virus does anyone have any idea what it is ?

It definitely appeared at a time when no software was intentionally installed.


  Taw® 14:55 30 Mar 04

click here click here these may be of help

  RoosterUK 20:02 31 Mar 04

A quick update on this issue.
It turns out that these symptons and the cryptwin files are indeed created by a virus/worm.
A little more detective work revealed that the code arrived by email on 28 march contained in an apparently blank image file.The virus is named [email protected] .
Even if my Norton AV was up to date I would still have been infected. Norton only released the definition on the same day I was infected.I have now updated my NAV and used Nortons removal tool available from the symnatec website.
I suggest anybody who has not updated thier definitions since Sunday 28 March should do so now.


This thread is now locked and can not be replied to.

iPhone 7 Plus review: better cameras and waterproofing make this the best iPhone yet

1995-2015: How technology has changed the world in 20 years

Apple to launch new Macs and MacBook Pros at an event on October 27

iPhone vs Android | iOS vs Android: 5 reasons why Apple's iPhones beat Google Android smartphones ()…