Unable to get rid of virtool.win32/obfuscator.XZ


  1. Posts : 13
    Windows 7 Professional 64 bits
       #1

    Unable to get rid of virtool.win32/obfuscator.XZ


    Hello, I'm a new member.

    I've got this nasty virus and I cannot get rid of it. Microsoft Security Essentials keeps detecting it every time I run a complete scan even though it says it is in quarantine. It does not detect it in safe mode. Maybe it is a rootkit?

    Avira detects it as a hidden object, but cannot solve the problem either.
    I'm unsure whether it is a false positive.

    I researched this and found this thread:
    Infected by virtool.win32/obfuscator.XZ

    Still I'm not rid of the problem. I followed the suggestion by Jacee in that thread and ran Combofix. I could post the log if necessary.

    Help please.

    Cheers.


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    It wouldn't hurt to check for rootkits since viruses have a bad habit of inviting more viruses onto your system. Rootkits generally make a cloaked partition & boot from that. Since the partition is hidden, it can be hard to remove for most programs.

    For a rootkit scan, try running TDSSKiller.

    Anti-rootkit utility TDSSKiller

    Another tool you can use to check if anything else is present on your system is Windows Defender Offline. Being you're unsure of your system status, you may want to make this on another, clean PC & then run it on yours.

    Windows Defender Offline

    Yes, if you post the log this will help people to determine if there is anything amiss with your system.


  3. Posts : 13
    Windows 7 Professional 64 bits
    Thread Starter
       #3

    Borg, apparently TDSSKiller solved the problem. It found some threats and removed them.
    No more detections in Avira or in Security Essentials.

    Thank you very much!

    If I find out it came back I'll post here again.


  4. Posts : 13
    Windows 7 Professional 64 bits
    Thread Starter
       #4

    Borg, it was not detected in safe mode.

    But now I ran a complete scan in Security Essentials and, arghhhh, the nasty virus was found again. See fig attached. It says it removed the plague but if I run a complete scan again it will be there.

    TDSS was not useless, because it did find some threats. But now I realize it did not eliminate this problem.

    From what I read, I cannot run Windows Defender because my pen drive is 32 bits.

    Help please.
    Attached Thumbnails: Unable to get rid of virtool.win32/obfuscator.XZ-mse.png


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Warning! Backdoor Trojans

    These are the most dangerous, and most widespread, type of Trojan.
    Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
    If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
    You should consider them to be compromised.
    They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
    Banking and credit card institutions should be notified of the possible security breach.
    More info can be found below:
    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

    Please post the combofix.txt log you saved.


  6. Posts : 13
    Windows 7 Professional 64 bits
    Thread Starter
       #6

    Damn.. it's been on my system for a few days already Jacee.

    Here goes Combofix's log. I ran it 2 days ago.
    Really worried.


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #7

    Can you copy and paste the combofix 'quarantined' .txt log?

    It's located here: C:\Qoobox\ComboFix-quarantined-files.txt


  8. Posts : 13
    Windows 7 Professional 64 bits
    Thread Starter
       #8

    I'll run combofix again.
    Here goes the file saved two days ago.


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #9

    Download AdWareCleaner (AdwCleaner Download) to your desktop.
    1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
    2. Click on the Delete button.
    3. Confirm each time with OK.
    4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
    Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


  10. Posts : 13
    Windows 7 Professional 64 bits
    Thread Starter
       #10

    Just ran Combofix again. Posting combofix's last logfiles.

    Posting adware logfile too.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
