Win32/Crytor HELP

Hi, my AVG detected 2 win32/cryptor virus about 1 week ago...and i tried to remove it using AVG but it said "operation intercrupted by user". So i left it there seing its not changing my computer/internet in anyways. Then yesterday i search on google on how to remove it, and someone told me to download Malwarebytes Anti-Malware. I did that and found about 6 viruses (didnt read/look wat they are....), then i selected them and removed them and restarted my computer...then i started the internet again and AVG still detect the 2 win32/cryptor. Can you help please?

Yes, we can.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Now my DHCP is not working....
it said program caused DHCP client to stop working....how can i fix that?

The rootkit is blocking internet access. Do you have another machine to use + a USB memory stick to transfer stuff over to and from?

im using computers at my school right now...but i dont have a USB

Can you write to CD? we can burn a few tools to use all at once and then run them when we need them.

dam...i dont have a CD eiter

Well looks like you'll need to get your hands on an external drive, because without tools, there isn't much I can do from here.

You can try resetting the winsock to see if it helps connection any.
Go to Start > Run. In the Run box, type in:
netsh winsock reset
Press enter and reboot normally.

ok i'll try that....is there anything else i can try?

Nope, unfortunately.

well i might come to my friend's house and get a disc.....u wanna post the programs that i need? so i can burn it when i get 1

Hello.
Okay, here are the four tools we might need to use.

Do not use them on your own, because they are too dangerous if used incorrectly.

Hijack This Installer
Malware-Bytes Anti-Malware Installer (MBAM)
DDS
OTMoveIt3

For starters, install both Hijack This and MBAM.
Don't use MBAM yet, just run Hijack This and get a log and we'll see how things go from there.

well i got my old computer to work....
and the thing you told me to do before....
Start>run>something....
it said the action require elevation...
idk wat that is

Hello.
Ah, you didn't tell me this was a Vista OS. The Run box/cmd require elavated privileges.

But if you can get the machine to boot now/internet access, then skip the Run command do install Hijack This.
Install and run a system scan and save a log file. Post the log file back here.

i meant the older computer....not the infected computer, but the computer that i was about to throw away because its super old.

Oh. Is the old machine able to write to CD's?

it probally can but i dont have CDs =/.....ill keep searching my house for CDs

can i still burn programs into a disc that already has stuff in it?

No, that would mean the disc has to be RE-writable.

ok, super bad news.....i just installed hijackthis and scanned for a log, now my the window wont start.....it started up, then i had a black screen. So i restarted the computer, then it ask if i want to go into safe mode, which i did....it frozed while it was loading the win32 stuff....

Reboot it again.
Start tapping the F8 key after the beep to access the advanced boot menu.
Boot from "Last known good configuration"

Can you boot now?

nope, its still the same.

Darn.
Unless you can get access to a CD writer, there isn't much I can do.

If we can get a CD writer, we can boot to Avira's rescue disc.

i do have a CD writer,

Okay.
Read this article and guide, the Avira boot disc link is at the bottom of the article.

http://www.raymond.cc/blog/archives/2008/06/28/free-avira-antivir-rescue-system-cd-to-clean-unremovable-virus/

Everything you need to do this is there in the article.