Jump to content

MBA should have protection for autorun.inf in USB drives


Recommended Posts

Gooday mates:

Yesterday a mate called my and told me his laptop was infected.

His laptop had MBA full installed (real time protection) because I told him about it (it was my advise); his daughter connected a USB drive and it got infected; after that was chaos.

The pearl that infected my friend's machine was:


and the thing that amazed me was that MBA could not detect it, stop it and therefore clean/remove it !!!!

To me MBA is the best so please guys work about it, I'm a little bit disappointed :)

Thank you,


Link to post
Share on other sites

Hello memoemc2, :)

Win32/Vobfus.F looks like antivirus naming, was this detection a message from antivirus software ?

It is possible that the antivirus was the first to identify and lock the file, therefore MBAM could not access it.

If you think MBAM missed some files and you still have them, you can upload the malicious samples here, they will be checked.

Link to post
Share on other sites

hello Falkra:

You are right about your appreciation; and it happened like that:

1-My friend's daughter connected a USB drive to his laptop.

2-My friend's laptop got infected; it has Win XP SP3

3-His laptop had MBA full installed thus with real time protection and updated. :)

4-I tried to install MSS essentials and the malware didn't leave me do it; at this point almost nothing was working.

5-I restored his machine to a earlier date.

6-I successfully installed MSS essentials.

7-I made full scan and it found th worm named above. these were removed.

8-I connected the infected USB drive and MSS essentials identified and removed the same malware without problems.

9-I set a new restore point and I deleted all restored points stored.

10-the machine is clean

Then my friend was so pissed :) that he uninstalled MBA and leave MSS essentials; he even canceled a BBQ that we have planned.... bahhhhh :)

So, I trust more in MBA but what happened there?? :)

Thank you.


the worm info is in this link:


Link to post
Share on other sites

Win32/Vobfus.F looks like Microsoft Security Essentials Naming.

Well yes, but not only, there are other vendors that are using the same naming pattern and keyword for this one :


Looks like MBAM knows this one :


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.