Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.


18 Mar 2013   #1

Windows 7 Home Premium 64bit
 
 
MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.

How do I get rid of this sucker?

My System SpecsSystem Spec
.

18 Mar 2013   #2

Microsoft Windows 7 Home Premium 64-bit 7600
 
 

a quick google showed this thread as first hit...

Infected by virtool.win32/obfuscator.XZ

loads of info there, good luck.
My System SpecsSystem Spec
18 Mar 2013   #3

Windows 7 Home Premium 64bit
 
 

Yeah, I read that thread. The dds tool that Jacee recommends though...none of those mirrors work anymore. :/

Scratch that, I found dds. I have included the two logs she asked that guy for, but I don't really know what she was looking for or what made her decide to recommend combo fix. :/


Attached Files
File Type: txt attach.txt (8.6 KB, 10 views)
File Type: txt dds.txt (19.5 KB, 11 views)
My System SpecsSystem Spec
.


18 Mar 2013   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

virtool.win32/obfuscator.XZ ...This is a "backdoor Trojan" ...

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breech.


Please uninstall all P2P programs!

Next, we're going to flush the DNS cache and restore MS's Hosts file.
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.

Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

After doing the above, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
My System SpecsSystem Spec
18 Mar 2013   #5

Windows 7 Home Premium 64bit
 
 

I did all the steps you recommended, and ESET found something, but I'm 99% sure that's not what's been causing my blue screens.


Attached Files
File Type: txt ESETScan.txt (118 Bytes, 22 views)
My System SpecsSystem Spec
18 Mar 2013   #6

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Hi Zibeltor

Lets use SuperAntispyware to remove that

download


Once you’ve launched the application on the infected machine, you should see a welcome screen, and you can just click the button to start it up.

Pick your language

Click on scan your computer

Select the locations to scan, and choose to Perform Complete Scan (there’s no point in a quick scan on an infected machine).

The application will scan through the system and find anything bad on the system, and then let you remove it all easily
My System SpecsSystem Spec
18 Mar 2013   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote:
E:\Torrents\Sleeping.Dogs-SKIDROW\sr-sddvd2.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
Ah-ha! Problem ... VMProtect Software Protection » VMProtect.AAA, VMProtect.AAD

If it's not paid for, then it's pirated.
My System SpecsSystem Spec
18 Mar 2013   #8

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Nice a program using an old MS Office logo as their software logo .
My System SpecsSystem Spec
19 Mar 2013   #9

Windows 7 Home Premium 64bit
 
 

Thank you for your help VistaKing. I'm running the scan now. I'll edit this post when I have results to show you.
My System SpecsSystem Spec
19 Mar 2013   #10

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Lets see if we could remove that . If it locates any cookies that's ok that not malware . You may delete those as well .
My System SpecsSystem Spec
Reply

 MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.




Thread Tools



Similar help and support threads for2: MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.
Thread Forum
Trying to get rid of virtool:win32/obfuscator.xz System Security
having possible issues related to VirTool:Win32\Obfuscator.XZ System Security
Unable to get rid of virtool.win32/obfuscator.XZ System Security
Solved Virtool win32 Obfuscator.xz detected w/ MSE System Security
Infected by virtool.win32/obfuscator.XZ System Security
Solved Virtool win32 Obfuscator.xz detected System Security
Infected by virtool.win32/obfuscator.XZ on Windows 7 System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 11:24 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33