My laptop was infected by this trojan name tr/crypt.fkm.gen as detected by avira antivir.

Some information taken from Sophos :

Troj/Scrods-Gen is a family of Trojans for the Windows platform.

Members of Troj/Scrods-Gen usually attempt to download and execute files from remote locations.

Members of Troj/Scrods-Gen may attempt to copy itself to the Windows folder, often with the filename csrss.scr, and may set the following registry entry:

HKCR\.key
(default)
regfile

I did not know from where did it come from. But my suspect is from torrent, where I download a video (a movie, old one) and when launch it Windows Media Player popup a message said that I need to download a free codec. I did download it (silly me!) and actually run it (an exe file). And nothing happen at that time.

But few days later Avira start to popup this message about tr/crypt.fkm.gen trojan and it detect it at file that is in System32 folder. Oh Boy! Nope! Avira unable to delete it. Ad-Aware not able to detect it. Hijack-This able to delete its entry, but it will magically reappear again.

The way I remove it is by running Malwarebytes’ Anti-Malware. That also took several reboot to clear it from the system…

Scary…. when you have too much important data inside.