1. Symantec/
  2. Security Response/
  3. W32.Crypto


Risk Level 1: Very Low

December 30, 1999
February 13, 2007 11:33:11 AM
Also Known As:

W32.Crypto is not known to be in the wild yet. The payload for this virus is similar to the One_Half virus. This means the Crypto virus will encrypt the data on your hard drive, and if you remove the virus, the data will be inaccessible - and effectively held hostage. Crypto uses strong cryptographic algorithms to encrypt the data on the hard disk, making recovery unlikely without a backup.

W32.Crypto uses the Microsoft Crypto API to encrypt accessed DLLs on the system with an encryption key that is added by the virus to the infected system, and installed in the registry as:


The virus first infects the operating system file KERNEL32.DLL. Once infected, KERNEL32.DLL controls all access to other DLLs on the system and the virus encrypts all such accessed DLL files. While the virus is active in memory, it will automatically decrypt encrypted DLL files so they can be used. However, if the virus is not active in memory, the DLLs will not be decrypted and the system will fail to work. Unless the virus is active and running, all DLL files that have been encrypted will be inaccessible. This means that an infected system can only be cleaned by restoring all affected DLL files from backup copies, and deleting all infected executable files. Data files are not encrypted by this release of the virus.

Antivirus Protection Dates

  • Initial Rapid Release version December 15, 2000
  • Latest Rapid Release version February 7, 2017 revision 019
  • Initial Daily Certified version December 15, 2000 revision 041
  • Latest Daily Certified version February 8, 2017 revision 001
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Peter Szor

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube