Author Topic: Anyone know how I can remove the virus win32:crypt-ny?  (Read 2813 times)

steuku

  • Guest
Anyone know how I can remove the virus win32:crypt-ny?
« on: January 05, 2008, 01:26:42 PM »
I do not know how, but I have somewhere a virus called win32:crypt-ny.
Always found a file named nc2.exe.
How can I delete it?

disable system restore????
how?
« Last Edit: January 05, 2008, 01:48:02 PM by steuku »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Anyone know how I can remove the virus win32:crypt-ny?
« Reply #1 on: January 05, 2008, 01:32:59 PM »
I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot-time scan with avast with archive scanning turned on.
4. Use AVG Antispyware, SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete them.
5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34067
  • malware fighter
Re: Anyone know how I can remove the virus win32:crypt-ny?
« Reply #2 on: January 05, 2008, 04:34:11 PM »
Hi steuku,

The trojan's file is a DLL that is designed to be loaded at Windows startup using the 'Winlogon\Notify' Registry key. As a result the trojan is loaded as the component of one of Windows's system processes and its removal or modification is impossible when Windows is active. Moreover, the trojan blocks access to its own file, monitors changes to its Registry keys and restores them if they are modified or deleted.

Disinfection

So far we found the only reliable way to delete this intrusive adware: to boot from Windows installation CD to Recovery Console and to delete the malicious DLL file from a hard disk.

Alternatively, you can use ERD Commander or a bootable Linux CD to access your NTFS partition and to delete the DLL file.

Or try the "delete at next system startup, if necessary" option in Avast.

polonus
« Last Edit: January 05, 2008, 06:09:15 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
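
Added example, not part of the thread or of any poster's code: a read-only check of the 'Winlogon\Notify' key that Reply #2 describes, listing every DLL registered there from a `.reg` export and flagging those outside a reviewer-supplied baseline. The sample export, the `example_entry` subkey and the baseline set passed to `unexpected` are constructed for illustration; a real export is usually UTF-16 and should be read with `encoding="utf-16"`.

```python
import re

# Registry path named in Reply #2; each subkey registers one notification DLL.
NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" + "\\"

# Constructed sample export (not taken from an infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DLLName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example_entry]
"DLLName"=hex(2):43,00,3a,00,5c,00,65,00,78,00,\
  2e,00,64,00,6c,00,6c,00,00,00
'''

def _decode(raw):
    """Decode a .reg value: "text" (REG_SZ) or hex(2):... (REG_EXPAND_SZ, UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw

def notify_dlls(reg_text):
    """Return {subkey: DLLName} for every Winlogon Notify subkey in a .reg export."""
    # Hex values wrap with a trailing backslash; join those lines before parsing.
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    found, subkey = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            path = line.strip("[]")
            subkey = path[len(NOTIFY):] if path.lower().startswith(NOTIFY.lower()) else None
        elif subkey and line.lower().startswith('"dllname"='):
            found[subkey] = _decode(line.split("=", 1)[1])
    return found

def unexpected(found, baseline):
    """Entries whose DLL file name is not in the reviewer's baseline (lower-case names)."""
    return {k: v for k, v in found.items()
            if v.replace("/", "\\").rsplit("\\", 1)[-1].lower() not in baseline}

if __name__ == "__main__":
    print(unexpected(notify_dlls(SAMPLE), {"crypt32.dll"}))
```

Build the baseline from a known-clean machine with the same Windows version; an entry reported here is a candidate for review, not proof of infection.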