Can't remove Win32/Cryptor

[JonDaviS]

I recently been hit by the Win32/Cryptor virus. Every time I start up my computer AVG 9.0 says virus infected Win32/Cryptor C:\WINDOWS\system32\anuehcy.dll It shows me this one every time I start up my computer. AVG want let me delete it just keeps coming back. I tried every program to get rid of it spybot search and destroy, ad-aware 6.0, SUPERAntiSpyware Professional, AVP 2009, Spyhunter, and Spyware doctor. None of them got ride of the virus. Then I did a scan with Malwarebytes' Anti-Malware and it found the same file as AVG 9.0 c:\WINDOWS\system32\anuehcy.dll. I deleted it then restarted my computer but AVG 9.0 still says i am infected with the virus Win32/Cryptor C:\WINDOWS\system32\anuehcy.dll I also have the problem when I go to search something on google it takes me to a totally different site. I was wondering if it had anything to do with the Win32/Cryptor virus that I have. I tried everything I know to do I don't know nothing else to do. I hope someone can help me get rid of this virus. Here is the log from Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

01/11/2010 8:00:11 AM
mbam-log-2010-01-11 (08-00-11).txt

Scan type: Quick Scan
Objects scanned: 138233
Time elapsed: 1 hour(s), 47 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{a6022701-b95d-48cb-a9e8-85f2a3086c61} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wpxilubt (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a6022701-b95d-48cb-a9e8-85f2a3086c61} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\anuehcy.dll (Trojan.Vundo.H) -> Delete on reboot.

[CeeBee]

http://www.symantec.com/security_res...051715-4324-99

[JonDaviS]

CeeBee that didn't help i still have that Win32/Cryptor virus on my computer. Can anyone please help me i tried everything and have no idea how to get ride of the virus. Any help would be wonderful thanks.

[Ferrit]

Read your other post and try not to post twice its just confusing

[maced]

Jon, try ADS Spy (http://www.softpedia.com/get/System/.../ADS-Spy.shtml).

This program looks for files hidden by programs utilizing a feature of Windows called Alternate Data Streams (ADS). Run this program and you will probably see a long list of files utilizing ADS but look specifically for the dll file you mention in your post. If you see it, remove it and reboot your system. Don't forget that the virus may have created a Restore Point so you may want to avoid "going back" using one as you will re-infect yourself. If you are successful in removing the virus, delete your restore points and create a new one once your system is clean.

Kokdiak, Ferrit, slgrieb, please chime in if you think a different approach may be better.