Very BIG Mystery, I scan with AVAST in “normal use with computer” and nothing
infections, I try to do a scan in “before pc start MODE” and AVAST found this infection:

WIN32: Malob-v CRYPT (or WIN32: Malov-v?)

Obviously, located in the xp restore points:

C: / system volume information … … RR3 … A0000669.exe

Now, removing restore points disappeared infection or the win32: Malob or not ?

There will be ‘still in my computer and infect’ even restore points
System C: in the next days or not ?

I think not (its true?) But if there is a tool to eliminate this
Win32: Malob?

Strangely never MBAM (AntiMalwareByte) never Hijackthis, or
GMER had found nothing of this INFECTION!

And why AVAST in mode 'normal (and therefore not in startup)
He had not found this infection?

Thanks for help me Mery

Test it on VT. (www.virustotal.com)
Provide the link of the result here.

@ miciotta62
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.

• Worst case scenario it isn’t infected and you delete it, you can’t use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.

• So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

However, that said, I wouldn’t expect GMER to find anything as it is a specialist anti-rootkit scanner.

MBAM is a weird bird as I have been using it for ages and I still don’t know if it scans system restore points as there is nothing specific in the Scanner Settings (image1). This is further complicated in that I gave up on system restore (for hard disk imaging) many years ago, so I have empty system volume information folders (no restore points).

HiJackThis is a busted flush as it hasn’t been updated in well over a year, not to mention it is an analysis tool and again, it doesn’t check the system volume information (restore points).

MBAM is a weird bird as I have been using it for ages and I still don't know if it scans system restore points as there is nothing specific in the Scanner Settings (image1).

Files Infected: c:\system volume information\_restore{5d527826-05bd-4a83-8416-28acdda14001}\RP116\A0019772.exe (Malware.Gen) -> No action taken.

As I mentioned I have had system restore disabled for some considerable time, not that I would expect to find anything there if I did have it enabled.

It would just be nice if it was clear in the MBAM settings on what it does scan.

It would just be nice if it was clear in the MBAM settings on what it does scan.

I just get too used to avast providing more details of what it scans.

MBAM only looks in the restore point if a full scan is run

Thanks essexboy, I rarely if ever do anything other than a Quick scan.

now what to do ? i use avast 6.0.1

is a virus or ?or what is this WIN32… ?

is in C: and re-infect the restore points of xp or ?

help me … Mery

Here my answer…
http://forum.avast.com/index.php?topic=84582.msg687725#new

@miciotta62
The safest option is to allow avast to remove it as I outlined in my post above. That way it would no longer be available for restoration.

Please see:
How to remove all System Restore points except the most recent one
http://support.microsoft.com/kb/555367

In this case, I would delete all restore points and once the system is totally clean, create a fresh one.
Provided you intend to continue to use System Restore.

I have not ever needed a System Restore but I do keep the space it requires to a minimum.
The best advice is to follow essexboy’s advice.

In this case essexboy didn’t offer any advice, if anyone is looking for it.

ok boy ! thanks !!

i remove all restore points… my pc is clean now ?

what is this infection WIN32 …virus or ?

Why antimalwarebyte MBAM not fount it ?

why AVAST not found this virus in normal scan , but found ONLY
in restart PC avast scan mode at power-on ? why ???

thanks at all !

Go here for my comments
http://forum.avast.com/index.php?topic=84582.msg688095#new

what is this infection WIN32 ...virus or ?

What to imagine behind Win32:MalOb [Cryp]
https://blog.avast.com/2009/07/29/what-to-imagine-behind-win32malob-cryp/

Btw: the spectrum of malware covered by Win32:MalOb consists of fake antiviruses, fake codecs, spam engines etc.

Why antimalwarebyte MBAM not fount it ?