Help with Win32:MalOb-BZ [cryp]

Hello

I have been having trouble removing a trojan MalOb-BZ.

The trojan was originally found in the system restore files. After doing both a boot scan and remove as well as disabling the system restore, the virus is now in temporary files with file path of C:\Documents and Settings\my name\Local Settings\Temporary Internet Files\Content.IE5\ATGLQ2UH\520[1].exe[UPX].

I have also done a scan with Spybot Search & Destroy.

The interesting thing is that Avast only detects the virus when the computer is connected to the Internet.

Any advice or suggestion on how to remove the virus would be most appreciated.

Sorry for the spelling, English is not my first language.

Uninstall Spybot S&D, it is no good…

Temp File Cleaner by OldTimer ( will clean ALL and ONLY tempfiles )
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator)
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Check for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
Always run update before you scan so you have the latest database.
Click the Remove Selected button to quarantine anything found.
You may post the scan log here.

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4602

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13/09/2010 00:48:24
mbam-log-2010-09-13 (00-48-24).txt

Type d’examen: Examen complet (C:|)
Elément(s) analysé(s): 169038
Temps écoulé: 52 minute(s), 9 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) → Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Marianne\Application Data\ooyi.exe (Worm.Palevo) → Delete on reboot.

What is this worm, how do I get rid of it?

Thanks for your help so far.

What is this worm, how do I get rid of it?
You just did... I hope... ;D Scan again and see if the next log is clean?

Scan with avast! and see if it reports anything now.

Thanks for your help, it looks like it is ok now.


Just for information, Nutellavac, the below from your MBAM log says it was cleaned from your computer.

Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully.

Your second MBAM scan showed the proof. :)