Warning: mysqli_num_fields() expects parameter 1 to be mysqli_result, boolean given in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 3182

Warning: mysqli_query(): (HY000/1030): Got error 122 from storage engine in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 1924

Warning: mysqli_num_fields() expects parameter 1 to be mysqli_result, boolean given in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 3182

Warning: mysqli_num_fields() expects parameter 1 to be mysqli_result, boolean given in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 3182
How To Remove W32/Cryptor and Replace Infected SYS files Warning: mysqli_query(): (HY000/1030): Got error 122 from storage engine in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 1924

Warning: mysqli_num_fields() expects parameter 1 to be mysqli_result, boolean given in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 3182
class="post-template-default single single-post postid-3523 single-format-standard unknown alt-style-default boxed-layout two-col-left width-1020 two-col-left-1020">


Warning: mysqli_query(): (HY000/1030): Got error 122 from storage engine in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 1924

Warning: mysqli_num_fields() expects parameter 1 to be mysqli_result, boolean given in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 3182
class="post-3523 post type-post status-publish format-standard hentry">

How To Remove W32/Cryptor and Replace Infected SYS files

A client named Patty brought over her laptop today and said her AVG detected a virus that it couldn’t remove.  I booted the laptop up and within 10 minutes AVG had detected w32/cryptor.  w32/Cyrptor is identified by AVG as malware and usually patches a system file (like atapi.sys).  It’s got rootkit capabilities which prevent it from being removed while Windows is booted and running.  

Getting rid of w32/Cryptor can be a bit difficult for the average user.  Here’s how to remove it.  This example assumes you have a .sys file infected with w32/Cryptor and you can’t remove it with AVG.

What You’ll Need To Remove w32 Cryptor (my way)

  • First, try to find out which .sys file is infected.  You’ll need a clean copy of that file.  You can get this off your windows install disc.  If the file is named something like atapi.sy_ then you’ll need to decompress it first (run expand.exe to decompress it).
  • Create a Kaspersky Rescue Disk (USB).  Here’s how.  After the KRD has been loaded on your USB stick create another folder on the stick called sysfiles.  Put clean copies of the infected .sys files here.
  1. Boot the infected PC to the Kaspersky Rescue USB Disk.
  2. Update the databases.
  3. Scan bootsectors and the C:\ drive.  If malware is encountered first try to disinfect, if that doesn’t work then quarantine, if that doesn’t work then delete.
  4. Chances are w32/Cryptor has been found and successfully disinfected….however if it couldn’t be disinfected then you’ll need to go to c:\windows\system32\drivers and rename the .sys file to .sys.old.  For example atapi.sys would be renamed to atapi.sys.old if it was infected.  Navigate to the custom folder you just created (sysfiles) with the clean copy(s) of the .sys files.  Copy the .sys files from that folder to c:\Windows\system32\drivers.
  5. Reboot.
  6. Perform follow up full scan with Malwarebytes.
  7. Consider reinstalling your Antivirus or Switching to Kaspersky Internet Security.

I realize the above instructions are sorta simplified, so I’ll make a video on how to do this step-by-step.


Warning: mysqli_query(): (HY000/1030): Got error 122 from storage engine in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 1924

Warning: mysqli_num_fields() expects parameter 1 to be mysqli_result, boolean given in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 3182

Warning: mysqli_query(): (HY000/1030): Got error 122 from storage engine in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 1924

Warning: mysqli_num_fields() expects parameter 1 to be mysqli_result, boolean given in /home/merizos/public_html/remove-malware/wp-includes/wp-db.php on line 3182

Fatal error: Uncaught exception 'wfWAFStorageFileException' with message 'Unable to verify temporary file contents for atomic writing.' in /home/merizos/public_html/remove-malware/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:52 Stack trace: #0 /home/merizos/public_html/remove-malware/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(659): wfWAFStorageFile::atomicFilePutContents('/home/merizos/p...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('synced') #2 {main} thrown in /home/merizos/public_html/remove-malware/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 52