Win32/Cryptor virus need help how to delete it for good

  1. #1
    Registered User
    Join Date
    Nov 2004
    Posts
    73

    Win32/Cryptor virus need help how to delete it for good

    I have recently been hit by the Win32/Cryptor virus. Every time I start up my computer, AVG 9.0 says "virus infected Win32/Cryptor C:\WINDOWS\system32\anuehcy.dll". It shows me this one every time I start up my computer. AVG won't let me delete it; it just keeps coming back. I tried every program to get rid of it: Spybot Search and Destroy, Ad-Aware 6.0, SUPERAntiSpyware Professional, AVP 2009, SpyHunter, and Spyware Doctor. None of them got rid of the virus. Then I did a scan with Malwarebytes' Anti-Malware and it found the same file as AVG 9.0, c:\WINDOWS\system32\anuehcy.dll. I deleted it, then restarted my computer, but AVG 9.0 still says I am infected with the virus Win32/Cryptor C:\WINDOWS\system32\anuehcy.dll. I also have the problem that when I go to search for something on Google, it takes me to a totally different site. I was wondering if it had anything to do with the Win32/Cryptor virus that I have. I tried everything I know to do; I don't know anything else to do. I hope someone can help me get rid of this virus. Here is the log from Malwarebytes' Anti-Malware:

    Malwarebytes' Anti-Malware 1.43
    Database version: 3458
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    01/11/2010 8:00:11 AM
    mbam-log-2010-01-11 (08-00-11).txt

    Scan type: Quick Scan
    Objects scanned: 138233
    Time elapsed: 1 hour(s), 47 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6022701-b95d-48cb-a9e8-85f2a3086c61} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wpxilubt (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{a6022701-b95d-48cb-a9e8-85f2a3086c61} (Trojan.Vundo.H) -> Delete on reboot.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\anuehcy.dll (Trojan.Vundo.H) -> Delete on reboot
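
The log above can be triaged mechanically. The following is an added example, not part of the original post and not Malwarebytes code: it parses the detection lines, marks which registry keys are locations from which Windows XP loads a DLL automatically, links keys that share a CLSID, and lists removals still waiting for a reboot. The function names and the load-point descriptions are this example's own.

```python
import re

# Constructed sample: the detection lines copied from the log in the post above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6022701-b95d-48cb-a9e8-85f2a3086c61} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wpxilubt (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a6022701-b95d-48cb-a9e8-85f2a3086c61} (Trojan.Vundo.H) -> Delete on reboot.

Files Infected:
c:\WINDOWS\system32\anuehcy.dll (Trojan.Vundo.H) -> Delete on reboot
"""

# One detection line has the shape: <object> (<detection name>) -> <action>
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
CLSID = re.compile(r"\{[0-9a-fA-F-]{36}\}")
# Registry locations that cause a DLL to be loaded automatically (example's wording).
LOAD_POINTS = {
    r"\explorer\browser helper objects": "BHO (loaded into Internet Explorer)",
    r"\winlogon\notify": "Winlogon Notify (loaded by winlogon.exe at logon)",
}

def parse_detections(log_text):
    """Return one dict per detection line; headers and '(No malicious...)' are skipped."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        obj, low = m.group("obj"), m.group("obj").lower()
        hit = CLSID.search(obj)
        found.append({
            "object": obj, "name": m.group("name"), "action": m.group("action"),
            "kind": "registry" if low.startswith("hkey_") else "file",
            "load_point": next((d for k, d in LOAD_POINTS.items() if k in low), None),
            "clsid": hit.group(0).lower() if hit else None,
        })
    return found

def triage(log_text):
    """Summarise what reloads the DLL and which removals have not happened yet."""
    items = parse_detections(log_text)
    ids = [i["clsid"] for i in items if i["clsid"]]
    return {
        "load_points": [(i["load_point"], i["object"]) for i in items if i["load_point"]],
        "shared_clsids": sorted({c for c in ids if ids.count(c) > 1}),
        "pending_reboot": [i["object"] for i in items if "reboot" in i["action"].lower()],
        "files": [i["object"] for i in items if i["kind"] == "file"],
    }
```

On this log, `triage(SAMPLE_LOG)` reports two load points, one CLSID shared by the BHO key and the HKEY_CLASSES_ROOT entry, and all four items still pending a reboot.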

  2. #2
    Ferrit, Registered User
    Join Date
    Apr 2001
    Location
    Vancouver Island The Real Canada
    Posts
    4,952
    Well right off the bat I would toast that lousy AVG.
    Download MS Essentials here:
    http://www.microsoft.com/Security_Essentials/
    Update it till it says it's fully updated
    Once that's done turn off system restore and then scan.
    Also get malwarebytes and install it and update it and then do a "FULL" scan.
    www.malwarebytes.org

    This is becoming nearly a daily occurrence in chat

    <WDGuest667> my computer just got attacked by some extreme virus and now i cant boot windows
    <WDGuest667> also, is there anyway for me to see if my external harddrive is infected without the harddrive being open to whatever computer i attach it to?
    <Chat Helper> what antivirus are you running
    <WDGuest667> AVG
    <Chat Helper> so no antivirus
    <WDGuest667> not a true one
    Last edited by Ferrit; January 12th, 2010 at 11:51 PM.

  3. #3
    slgrieb, Registered User
    Join Date
    Feb 2003
    Posts
    4,103
    I'm going with my standard response. Download and run Combofix. Read the tutorial here, then download it from the link on the tutorial page. Before you run Combofix, rename it to some random combination of alphanumeric characters like gn59hk22, then fire it up. If you read the tutorial, I don't need to explain the rest of the procedure, so I won't.

    When Combofix has done its thing, I would once again do follow-up scans with both Malwarebytes and Spybot Search & Destroy. Neither Malwarebytes nor Spybot is very effective against Virtumondo.H, but Combofix should deal with it. If the system still gives indications of problems, shut the computer down for at least 30 seconds, then I would repeat the scans (including Combofix) in Safe Mode. Let us know what happens.
