Win32:MalOb-AI [Cryp]??

I recently got this warning form Avast
Win32:MalOb-AI [Cryp]

It was compressed with UPX in csrss process

and it’s only detected when I kill explorer process

It makes on every pen drive that I insert autorun.inf and
DIJANA folder that has attributes Hidden System and ReadOnly and Looks like Recycle Bin

So I tried to kill it to turn off some suspicious programs that are run automatically but I think it’s merged with some executable or process so i’m not sure what to do and where to find it and delete it manualy!

Thanks in advance!

Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
after install click UPDATE and run quick scan, click on REMOVE SELECTED to quarantine anything found

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found come back and post the scan logs here

Panda USB Vaccine 1.0.1.4
http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-10909938.html

the autorun is empty :smiley: so youve been infected by killvirus vsb too :smiley:

after removing that script thats the remain,

i have that too and i already snd it in virus lab :smiley:

Thank you very much ALWIL Team, great Job :smiley:

Best Regards!!!

Hello,

We were working on some project and someone who I trust handed me his USB Stick. I inserted it into my Windows 7 machine and Avast promtly said:

08.04.2010 13:13:18 F:\AMERICKI//nato.exe|>[UPX] [L] Win32:MalOb-AI [Cryp] (0) Datei erfolgreich in Container verschoben...

(The last line means something like “File successfully moved to container”)

So apparently there is the virus you are talking about. So I then inserted the stick into my Mac and scanned it with ClamXav, but it could not find anything. I did not copy anything from that stick to my Windows computer and did not run anything there explicitly.

Now Avast 5 Free just finished scanning my whole system, and did not find anything. Next I am gonna check with “Spybot Search & Destroy”.

Do you think that my system is infected, and how would I notice?