Windows 7 Forums



Windows 7: Unable to get rid of virtool.win32/obfuscator.XZ

05 Dec 2012   #1

Windows 7 Professional 64 bits
 
 

Hello, I'm a new member.

I've got this nasty virus and I cannot get rid of it. Microsoft Security Essentials keeps detecting it every time I run a complete scan even though it says it is in quarantine. It does not detect it in safe mode. Maybe it is a rootkit?

Avira detects it as a hidden object, but cannot solve the problem either.
I'm unsure whether it is a false positive.

I researched about this and found this thread:
Infected by virtool.win32/obfuscator.XZ

Still I'm not rid of the problem. I followed the suggestion by Jacee in that thread and ran Combofix. I could post the log if necessary.

Help please.

Cheers.


06 Dec 2012   #2

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

It wouldn't hurt to check for rootkits since viruses have a bad habit of inviting more viruses onto your system. Rootkits generally make a cloaked partition & boot from that. Since the partition is hidden, it can be hard to remove for most programs.

For a rootkit scan, try running TDSSKiller.

Anti-rootkit utility TDSSKiller

Another tool you can use to check if anything else is present on your system is Windows Defender Offline. Being you're unsure of your system status, you may want to make this on another, clean PC & then run it on yours.

Windows Defender Offline

Yes, if you post the log this will help people to determine if there is anything amiss with your system.
07 Dec 2012   #3

Windows 7 Professional 64 bits
 
 

Borg, apparently TDSSKiller solved the problem. It found some threats and removed them.
No more detections in Avira or in Security Essentials.

Thank you very much!

If I find out it came back I'll post here again.


07 Dec 2012   #4

Windows 7 Professional 64 bits
 
 

Borg, it was not detected in safety mode.

But now I ran a complete scan in Security Essentials and, arghhhh, the nasty virus was found again. See fig attached. It says it removed the plague but if I run a complete scan again it will be there.

TDSS was not useless, because it did find some threats. But now I realize it did not eliminate this problem.

From what I read, I cannot run Windows Defender because my pen drive is 32 bits.

Help please.


Attached Thumbnails
Unable to get rid of virtool.win32/obfuscator.XZ-mse.png  
07 Dec 2012   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

Please post the combofix.txt log you saved.
07 Dec 2012   #6

Windows 7 Professional 64 bits
 
 

Damn.. it's been on my system for a few days already Jacee.

Here goes Combofix's log. I ran it 2 days ago.
Really worried.


Attached Files
File Type: txt combofix.txt (15.6 KB, 20 views)
07 Dec 2012   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Can you copy and paste the combofix 'quarantined' .txt log?

It's located here C:\Qoobox\ComboFix-quarantined-files.txt
07 Dec 2012   #8

Windows 7 Professional 64 bits
 
 

I'll run combofix again.
Here goes the file saved two days ago.


Attached Files
File Type: txt ComboFix-quarantined-files.txt (3.2 KB, 10 views)
07 Dec 2012   #9
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download AdWareCleaner (AdwCleaner Download) to your desktop.
1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
07 Dec 2012   #10

Windows 7 Professional 64 bits
 
 

Just ran Combofix again. Posting combofix's last logfiles.

Posting adware logfile too.


Attached Files
File Type: txt AdwCleaner[R1].txt (7.5 KB, 11 views)
File Type: txt ComboFix-quarantined-files.txt (4.5 KB, 2 views)
File Type: txt Combofixlog2.txt (20.5 KB, 2 views)