View Full Version : Autorun Malware


AttonRand
March 10th, 2010, 03:02
Today I discovered that my system is infected.
Malware is using USB keys to spread itself.
It creates autorun.inf (renamed to .infz in the rar) and a recycle bin containing autorunmex.exe and desktop.ini.
The strange fact is that only a few antivirus programs detect it, and fewer remove it correctly (they just delete the autorun.inf).
I am not sure: this malware can block antivirus install (NOD32).
Be careful.

Password: MALWARE
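For anyone triaging a USB key like the one described above, the useful first check is to parse the autorun.inf and see what it would actually launch. The following is an added example, not code from the thread or from the sample attached to it: it reads the [autorun] section, collects every key that makes XP-era AutoPlay start a program (open, shellexecute, shell\verb\command), and flags targets that live inside a recycle-bin folder or are otherwise executables on removable media. The sample autorun.inf contents are constructed; the folder name RECYCLER is an assumption about what the "recycle bin" on the key is called, and autorunmex.exe is the file name from the post.

```python
"""Added example (not from the thread): parse an autorun.inf and report what it launches."""
import re
from typing import Dict, List, Tuple

# Keys in [autorun] that cause a program to be started by AutoPlay / double-click.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command keys, e.g. shell\open\command, shell\explore\command.
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# Folder names that look like the real recycle bin; infections hide copies of them on USB keys.
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}
EXEC_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif")

# Constructed sample mirroring the thread's description (folder name RECYCLER is assumed).
SAMPLE_INFECTED = """\
[autorun]
open=RECYCLER\\autorunmex.exe
shell\\open\\Command=RECYCLER\\autorunmex.exe
shell\\explore\\Command=RECYCLER\\autorunmex.exe
shellexecute=RECYCLER\\autorunmex.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=USB
"""

# Constructed benign sample: only an icon and a label, nothing is launched.
SAMPLE_CLEAN = """\
; vendor-supplied autorun for a branded USB stick
[autorun]
icon=brand.ico
label=My Stick
"""


def parse_autorun(text: str) -> Dict[str, str]:
    """Return lowercased key -> value for the [autorun] section (INI syntax, ';' comments)."""
    entries: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Every (key, value) pair that starts a program when the volume is opened."""
    return [(k, v) for k, v in entries.items() if k in LAUNCH_KEYS or SHELL_CMD_RE.match(k)]


def suspicious_targets(entries: Dict[str, str]) -> List[str]:
    """Human-readable findings for launch targets worth removing before the key is reused."""
    findings = []
    for key, value in launch_targets(entries):
        # First token is the program; strip surrounding quotes and any arguments.
        program = value.split()[0].strip('"') if value else ""
        parts = [p.lower() for p in re.split(r"[\\/]", program) if p]
        if any(p in RECYCLE_DIRS for p in parts[:-1]):
            findings.append(f"{key} launches {program} from a recycle-bin folder")
        elif parts and parts[-1].endswith(EXEC_EXTS):
            findings.append(f"{key} launches executable {program} from removable media")
    return findings


def scan(text: str) -> List[str]:
    """Convenience wrapper: autorun.inf text in, findings out."""
    return suspicious_targets(parse_autorun(text))


if __name__ == "__main__":
    for name, sample in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(f"{name}: {scan(sample) or ['nothing launched']}")
```

Deleting autorun.inf alone (what the post says most scanners do) only removes the launcher; the findings above point at the payload path that also has to go, and the same parser works on any autorun.inf pulled from a quarantined key.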

evaluator
March 11th, 2010, 08:31
There is a UPX-ed MSVB6 executable... I'm too lazy to run it.
What is in the encrypted part?

evaluator
March 11th, 2010, 09:02
It displays a MsgBox, then starts Ctfmon32 and puts "xmutler" in RUN.

Woodmann
March 11th, 2010, 20:54
http://www.bleepingcomputer.com/forums/topic131299.html
This will only work for XP.

dion
March 12th, 2010, 09:47
I have had the same story for several days now. My coworkers' computers in the office got malwared. So I equipped myself with Autoruns from Sysinternals and the latest Comodo firewall (free). One way or another, I can fix those infected: disabling any suspicious autorun, and 'terminate and block' with Comodo.

TBone
April 2nd, 2010, 13:59
I also usually do a manual removal whenever someone around here gets infected. My "M.O." is something like:

1) Run Procexp. Use Ctrl+F to find any references to the malware.
2) Kill any malware processes or malware threads inside of normal processes (e.g. some malware hides as a thread in winlogon.exe).
3) Run Autoruns to clear out the "startup vectors" for the malware.
4) Reboot.
5) If the system boots clean, nuke the malware files.

Occasionally it's either faster or easier to just boot from a Linux Live CD with NTFS write support and delete the malware files straight away. You can then clean up the (defunct) registry entries afterwards.
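Step 3 of the procedure above is where the Run-key entries mentioned earlier in the thread (the "xmutler" value, the Ctfmon32 lookalike) get removed. As an added example, not code from the thread or from Autoruns, the script below does a first-pass triage of those startup vectors offline: it parses Run/RunOnce values from a .reg export (regedit's "Export" format), extracts the image path from each launch string, and flags entries that run from a recycle-bin folder, from outside Windows or Program Files, or under a name that closely resembles a well-known system binary. The .reg text is constructed; the paths, the SID-style folder name and the "Vendor" entry are placeholders, and the trusted roots assume the system drive is C:.

```python
"""Added example (not from the thread): triage Run/RunOnce values from a .reg export."""
import difflib
import re
from typing import List, Tuple

RUN_KEY_RE = re.compile(r"\\(run|runonce)$", re.IGNORECASE)
# Assumption: the system drive is C:. %SystemRoot% is expanded to match.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}
# Names that infections commonly imitate (the thread's Ctfmon32 mimics ctfmon.exe).
KNOWN_SYSTEM_NAMES = {"ctfmon.exe", "explorer.exe", "winlogon.exe", "svchost.exe", "lsass.exe"}
EXEC_EXTS = r"exe|scr|com|bat|cmd|pif"

# Constructed .reg export; every path, SID and vendor name is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"xmutler"="C:\\RECYCLER\\S-1-5-21-0-0-0-500\\autorunmex.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon32"="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\ctfmon32.exe\" /s"
"VendorUpdater"="\"C:\\Program Files\\Vendor\\updater.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor]
"DisplayName"="Vendor Suite"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> " ."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_entries(reg_text: str) -> List[Tuple[str, str, str]]:
    """Return (key path, value name, launch string) for REG_SZ values under Run/RunOnce keys."""
    entries = []
    section = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if not section or not RUN_KEY_RE.search(section):
            continue  # not a startup key (e.g. Uninstall); ignore its values
        m = VALUE_RE.match(line)
        if m:
            entries.append((section, _unescape(m.group(1)), _unescape(m.group(2))))
    return entries


def image_path(command: str) -> str:
    """Extract the program path from a launch string, quoted or unquoted, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(rf"^(.*?\.(?:{EXEC_EXTS}))(?:\s|$)", command, re.IGNORECASE)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def triage(reg_text: str) -> List[str]:
    """One finding per suspicious property of each startup entry."""
    findings = []
    for _key, name, command in parse_run_entries(reg_text):
        path = image_path(command)
        low = path.lower().replace("%systemroot%", "c:\\windows")
        parts = [p for p in re.split(r"[\\/]", low) if p]
        base = parts[-1] if parts else ""
        if any(p in RECYCLE_DIRS for p in parts[:-1]):
            findings.append(f"{name}: runs from a recycle-bin folder ({path})")
        elif not low.startswith(TRUSTED_ROOTS):
            findings.append(f"{name}: runs from an untrusted location ({path})")
        for known in sorted(KNOWN_SYSTEM_NAMES):
            if base != known and difflib.SequenceMatcher(None, base, known).ratio() > 0.8:
                findings.append(f"{name}: {base} looks like a lookalike of {known}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REG):
        print(finding)
```

The location rule is deliberately coarse (anything outside Windows or Program Files gets a look), which is the same judgement call you make reading the Autoruns window; the point is to have the list ready before the reboot in step 4 so the reboot test in step 5 is meaningful.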

Goveynetcom
April 3rd, 2010, 18:47
Quote:
[Originally Posted by TBone;85922]I also usually do a manual removal whenever someone around here gets infected. My "M.O." is something like:

1) Run Procexp. Use Ctrl+F to find any references to the malware.
2) Kill any malware processes or malware threads inside of normal processes (e.g. some malware hides as a thread in winlogon.exe).
3) Run Autoruns to clear out the "startup vectors" for the malware.
4) Reboot.
5) If the system boots clean, nuke the malware files.

Occasionally it's either faster or easier to just boot from a Linux Live CD with NTFS write support and delete the malware files straight away. You can then clean up the (defunct) registry entries afterwards.

Sounds good, I need to incorporate that into the cleaning of computers I do for friends and family. I get paid around $10-20 per job, even when they are simple fixes...
I love being able to understand computers.