Windows 7 Forums


Windows 7: Remove Obfuscator.xz Virus Tool


09 Nov 2012   #1

Windows 7 Ultimate 64 Bit
 
 
Remove Obfuscator.xz Virus Tool

Hi to all,

I scanned with MSE and it found virtool.win32/obfuscator.XZ but when I tried to clean the system it fails.

So after some research in the forum I found that some users recommend following this guide:

How to Remove VirTool:Win32/obfuscator.XZ Completely and Effectively (Step-by-step Removal) - Tee Support Blog

So I decided to follow the manual removal, but I'm not really sure of what I'm doing, so I would really appreciate some help .....

OK so... now I'm finding the registry entries that I have to remove, like the manual said, but I find some registry entries with different values. Let me take an example:

I have found

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS " CERTIFICATEREVOCATION" = '1'

instead of

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS " CERTIFICATEREVOCATION" = '0'

Do I have to remove that key anyway???


Edit

While I was waiting for some responses, I scanned my PC (in safe mode) using Microsoft Safety Scanner, ESET online, Hitman Pro and Malwarebytes, but now nothing has been detected.
Does this mean that I'm safe again???


13 Nov 2012   #2

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by italicus3000
Hi to all,

I scanned with MSE and it found virtool.win32/obfuscator.XZ but when I tried to clean the system it fails.

So after some research in the forum I found that some users recommend following this guide:

How to Remove VirTool:Win32/obfuscator.XZ Completely and Effectively (Step-by-step Removal) - Tee Support Blog

So I decided to follow the manual removal, but I'm not really sure of what I'm doing, so I would really appreciate some help .....

OK so... now I'm finding the registry entries that I have to remove, like the manual said, but I find some registry entries with different values. Let me take an example:

I have found

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS " CERTIFICATEREVOCATION" = '1'

instead of

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS " CERTIFICATEREVOCATION" = '0'

Do I have to remove that key anyway???


Edit

While I was waiting for some responses, I scanned my PC (in safe mode) using Microsoft Safety Scanner, ESET online, Hitman Pro and Malwarebytes, but now nothing has been detected.
Does this mean that I'm safe again???

I'd remove it because on my computer, the keys don't exist.

13 Nov 2012   #3

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

Quote: Originally Posted by programmer40
I'd remove it because on my computer, the keys don't exist.

Yes it does. They're not keys by the way, they're values.

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\System32>reg query "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
    IE5_UA_Backup_Flag    REG_SZ    5.0
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    EmailName    REG_SZ    User@
    PrivDiscUiShown    REG_DWORD    0x1
    EnableHttp1_1    REG_DWORD    0x1
    WarnOnIntranet    REG_DWORD    0x1
    MimeExclusionListForCache    REG_SZ    multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
    AutoConfigProxy    REG_SZ    wininet.dll
    UseSchannelDirectly    REG_BINARY    01000000
    WarnOnPost    REG_BINARY    01000000
    UrlEncoding    REG_DWORD    0x0
    SecureProtocols    REG_DWORD    0xa0
    PrivacyAdvanced    REG_DWORD    0x0
    ZonesSecurityUpgrade    REG_BINARY    CB69B4C6195DCD01
    DisableCachingOfSSLPages    REG_DWORD    0x0
    WarnonZoneCrossing    REG_DWORD    0x0
    CertificateRevocation    REG_DWORD    0x1
    EnableNegotiate    REG_DWORD    0x1
    MigrateProxy    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x0
    ProxyOverride    REG_SZ    *.local
    GlobalUserOffline    REG_DWORD    0x0

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\5.0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CACHE
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Connections
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Http Filters
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Lockdown_Zones
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\P3P
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Passport
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Protocols
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\TemplatePolicies
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Wpad
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZoneMap
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Zones

C:\Windows\System32>
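
An added example, not part of the original thread: a small Python parser for `reg query` output, run over a constructed, shortened copy of the listing in post #3. It separates the values stored in the queried key from its subkeys, and checks whether a value holds the data a removal guide lists rather than matching on the name alone; `parse_reg_query` and `matches_guide` are hypothetical helper names.

```python
import re

# Constructed sample: a shortened copy of the `reg query` output in post #3.
SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    WarnOnPost    REG_BINARY    01000000
    SecureProtocols    REG_DWORD    0xa0
    CertificateRevocation    REG_DWORD    0x1
    ProxyOverride    REG_SZ    *.local

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\Connections
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZoneMap
"""

# A value line is indented and has three fields separated by four spaces.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Split `reg query` output into the queried key, its values and its subkeys."""
    key, values, subkeys = None, {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = VALUE_LINE.match(line)
        if m:
            data = m["data"]
            if m["type"] == "REG_DWORD":
                data = int(data, 16)          # "0x1" -> 1
            # Registry value names are case-insensitive, so index in lower case.
            values[m["name"].lower()] = (m["type"], data)
        elif line.upper().startswith("HKEY_"):
            if key is None:
                key = line.strip()            # first path is the queried key
            else:
                subkeys.append(line.strip().rsplit("\\", 1)[1])
    return key, values, subkeys

def matches_guide(values, name, expected_data):
    """True only if the value exists AND holds the data a removal guide lists."""
    entry = values.get(name.lower())
    return entry is not None and entry[1] == expected_data

if __name__ == "__main__":
    key, values, subkeys = parse_reg_query(SAMPLE)
    print("values:", sorted(values))
    print("subkeys:", subkeys)
    print("guide match:", matches_guide(values, "CertificateRevocation", 0))
```

On the sample, `CertificateRevocation` is reported as a `REG_DWORD` value of the key, not a key, and it does not match the data `0` quoted from the guide in post #1.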