Win32:MalOb-GX [Cryp]

Hello,

I installed a free program which rips dvds (for legal purposes, needed a copy of my nieces school concert) called Winx to DVD. It installed fine but when I tried to uninstall it detected that file as Win32:MalOb-GX [Cryp] which I have no idea what kind of virus that is/would be. It could be that it’s a false positive and submitted it to the virus lab but I would love to uninstall the program but can’t cos the file is in the virus chest and it’ll just detect it again and crash during the uninstall.

Does anyone know what I could do or what the virus is/does or even had this problem before?

Thanks

The file in question has the name of a legitimate file, however the location is completely wrong and is not related to any form of DVD data

Download OTL to your Desktop
Secondary link

* Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

* Select All Users
* Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
* When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
* Post both logs

What to imagine behind Win32:MalOb [Cryp]
https://blog.avast.com/2009/07/29/what-to-imagine-behind-win32malob-cryp/

I did the scan but 2 notepad windows didn’t open. Only window which opened was OTL.txt - And the only file which is saved on the desktop is OTL.txt and Extra.txt isn’t.

I do have 2 ini files on my desktop, both named desktop.ini, which appear transparent. Edit: The desktop.ini files appear to have gone now. But still have no Extras.txt file.

Just seems weird that the detection came up when I tried to run the uninstall.exe for it and when it detected and moved the file to the virus chest the uninstaller crashed. I emailed the creators of the program when I first got it to see if it was a part of the program but I dunno, just seems weird it detects, moves the file and the uninstaller crashes.

The ini files are system ones which we will hide later

Could you attach the main OTL log please

Well, the desktop.ini files appear to have vanished as they aren’t on the desktop no more.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

After this run has completed try an uninstall again

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKU\S-1-5-21-358603510-3912317155-1064425861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

OTL crashed about 15 minutes into running the fix you said, was still emptying the temp folder (though some processes closed, not every one did as I still had the desktop and a few others). Should I run it again?

If you have not emptied your temporary files for a while it may take some time … The most I have seen to date is 24 Gb

Yes, re-run the fix; it should go faster

It’s probably nothing but I’ll post it just in case. I opened up OTL and it closed but a txt file opened with the following:

Files\Folders moved on Reboot…
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp_avast5_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files…

Registry entries deleted on Reboot…

Also, I’ve never emptied my temporary files folder :)

Did it run faster the second time?

Yeah, it was pretty much instant.

I did a quickscan and attached the OTL file

Have you tried to uninstall the programme again?

Just done so and no threat detections.

I guess I didn’t have anything bad on my computer or at risk from having anything stolen such as personal data? Not sure what exactly OTL scans for but if I had anything bad would it have located something which might indicate it?

Thanks

Nothing really bad was located, emptying the temp files took care of that ;D

Run OTL and press the cleanup button to remove it

I ran OTL and did the clean up which removed OTL and a few other files.

Thanks for all your help, very much appreciated! ;D

My pleasure ;D