Windows 7 Forums



Windows 7: Unable to get rid of virtool.win32/obfuscator.XZ

05 Dec 2012   #1
SchwarzTee

Windows 7 Professional 64 bits
 
 
Unable to get rid of virtool.win32/obfuscator.XZ

Hello, I'm a new member.

I've got this nasty virus and I cannot get rid of it. Microsoft Security Essentials keeps detecting it every time I run a complete scan even though it says it is in quarantine. It does not detect it in safe mode. Maybe it is a rootkit?

Avira detects it as a hidden object, but cannot solve the problem either.
I'm unsure whether it is a false positive.

I researched this and found this thread:
Infected by virtool.win32/obfuscator.XZ

Still I'm not rid of the problem. I followed the suggestion by Jacee in that thread and ran Combofix. I could post the log if necessary.

Help please.

Cheers.


06 Dec 2012   #2
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

It wouldn't hurt to check for rootkits since viruses have a bad habit of inviting more viruses onto your system. Rootkits generally make a cloaked partition & boot from that. Since the partition is hidden, it can be hard to remove for most programs.

For a rootkit scan, try running TDSSKiller.

Anti-rootkit utility TDSSKiller

Another tool you can use to check if anything else is present on your system is Windows Defender Offline. Since you're unsure of your system status, you may want to make this on another, clean PC & then run it on yours.

Windows Defender Offline

Yes, if you post the log this will help people to determine if there is anything amiss with your system.
07 Dec 2012   #3
SchwarzTee

Windows 7 Professional 64 bits
 
 

Borg, apparently TDSSKiller solved the problem. It found some threats and removed them.
No more detections in Avira or in Security Essentials.

Thank you very much!

If I find out it came back I'll post here again.

07 Dec 2012   #4
SchwarzTee

Windows 7 Professional 64 bits
 
 

Borg, it was not detected in safe mode.

But now I ran a complete scan in Security Essentials and, arghhhh, the nasty virus was found again. See fig attached. It says it removed the plague but if I run a complete scan again it will be there.

TDSS was not useless, because it did find some threats. But now I realize it did not eliminate this problem.

From what I read, I cannot run Windows Defender because my pen drive is 32 bits.

Help please.


Attached Thumbnails
-mse.png  
07 Dec 2012   #5
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

Please post the combofix.txt log you saved.
07 Dec 2012   #6
SchwarzTee

Windows 7 Professional 64 bits
 
 

Damn.. it's been on my system for a few days already Jacee.

Here goes Combofix's log. I ran it 2 days ago.
Really worried.


Attached Files
File Type: txt combofix.txt (15.6 KB, 20 views)
07 Dec 2012   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Can you copy and paste the combofix 'quarantined' .txt log?

It's located here C:\Qoobox\ComboFix-quarantined-files.txt
07 Dec 2012   #8
SchwarzTee

Windows 7 Professional 64 bits
 
 

I'll run combofix again.
Here goes the file saved two days ago.


Attached Files
File Type: txt ComboFix-quarantined-files.txt (3.2 KB, 10 views)
07 Dec 2012   #9
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download AdwCleaner (AdwCleaner Download) to your desktop.
1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on the Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
07 Dec 2012   #10
SchwarzTee

Windows 7 Professional 64 bits
 
 

Just ran Combofix again. Posting combofix's last logfiles.

Posting adware logfile too.


Attached Files
File Type: txt AdwCleaner[R1].txt (7.5 KB, 11 views)
File Type: txt ComboFix-quarantined-files.txt (4.5 KB, 2 views)
File Type: txt Combofixlog2.txt (20.5 KB, 2 views)