Windows 7 Forums



Windows 7: MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.

19 Mar 2013   #11
Zibeltor

Windows 7 Home Premium 64bit
 
 

Well, the scan finished. Nothing super interesting except the thing at the bottom.

SUPERAntiSpyware Scan Log
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/19/2013 at 02:08 AM

Application Version : 5.6.1014

Core Rules Database Version : 10149
Trace Rules Database Version: 7961

Scan type : Complete Scan
Total Scan Time : 00:11:19

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 555
Memory threats detected : 0
Registry items scanned : 71812
Registry threats detected : 0
File items scanned : 55253
File threats detected : 15

Adware.Tracking Cookie

Rootkit.Agent/Gen
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\07CCC227213AC080954CC1FC7C451E72\AMD64_MICROSOFT-WINDOWS-LSA_31BF3856AD364E35_6.1.7601.22099_NONE_04A88CE28CC4EB33\LSASS.EXE


19 Mar 2013   #12
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Did you delete the results and restart?

Did you update before scanning?
19 Mar 2013   #13
Zibeltor

Windows 7 Home Premium 64bit
 
 

Yes, I updated before starting, and yes, I restarted after deleting the things it found (except for a few cookies related to my Microsoft support session).

19 Mar 2013   #14
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Let's take a look with this software.

Note: You will need a USB flash drive.


Farbar Tool

Download Farbar Recovery Scan Tool from below on a non-infected PC.
For 32-bit (x86) systems download
Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download
Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

Select Command Prompt

In the command window, type e:\frst.exe (for the x64 version, type e:\frst64) and press Enter.
Note: Replace the letter e with the drive letter of your flash drive.

Tip: Type the commands below to see what the letter for your USB drive is, pressing ENTER after each command.

Code:
Diskpart
List volume
Exit

The tool will start to run.
When the tool opens, click Yes to the disclaimer.
Press the Scan button.
FRST will let you know when the scan is complete and it has written FRST.txt to file. Close out this message, then type the following into the search box:
services.exe
Now press the Search button.
When the search is complete, search.txt will also be written to your USB drive.
Type exit and reboot the computer normally.
Please copy and paste both logs in your reply (FRST.txt and Search.txt).
19 Mar 2013   #15
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

You could also try to run this program

Download AdwCleaner to your desktop.
Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
Click on Search button.

Upload the log with your reply
19 Mar 2013   #16
Zibeltor

Windows 7 Home Premium 64bit
 
 

I'm afraid I don't have a flash drive, but I'm trying the AdwCleaner. Just wondering, but this is probably the 7th...8th? adware/malware scanner I've used since I started investigating the issue. Can I just skip..straight to the best one? Haha; I'm just not sure why I'm being led through a series of ineffective programs. :/

Alright, so I used the AdwCleaner program, and here's the log!


Attached Files
File Type: txt AdwCleaner[R1].txt (1.8 KB, 3 views)
19 Mar 2013   #17
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run AdwCleaner once more; this time click on Delete. When it asks to restart, please do so.
19 Mar 2013   #18
Zibeltor

Windows 7 Home Premium 64bit
 
 

Alrighty. I have deleted the files and here is the report.


Attached Files
File Type: txt AdwCleaner[S2].txt (2.1 KB, 4 views)
19 Mar 2013   #19
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

I apologize if I am giving you the runaround to remove this sucker.

Can you give me a screenshot of this, please?

Open up the registry. Click on the Start button, type REGEDIT in the search box, and press Enter once REGEDIT shows up in the Start menu under Programs (1). Navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

And

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNOnce
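
Added example, not part of the original thread: the same two autostart keys can be exported as text instead of screenshots, with a signature check on each program they launch. The Wow6432Node paths, the Get-CommandTarget helper and the TargetNotFound label are assumptions of this example; it only reads the registry and changes nothing.

```powershell
# Added example (read-only): list HKLM Run/RunOnce values as text and check
# the Authenticode signature of each target executable.
# Assumption, not from the thread: the Wow6432Node keys are the 32-bit view
# of the same autostart locations on 64-bit Windows.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget([string]$Command) {
    # Extract the program path from a Run value: a quoted path if present,
    # otherwise the text up to the first script or executable extension.
    $text = [Environment]::ExpandEnvironmentVariables($Command)
    if ($text -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($text -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js))(\s|,|$)') { return $Matches[1] }
    return $null
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        $status  = 'TargetNotFound'   # bare names such as rundll32.exe land here
        $signer  = ''
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -FilePath $target
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command
            Target = $target; Status = $status; Signer = $signer
        }
    }
}

# Unsigned or unresolved entries first; they are the ones to look up by hand.
$report | Sort-Object { $_.Status -eq 'Valid' } |
    Format-List Key, Name, Command, Target, Status, Signer
```

A Status of NotSigned is a reason to look closer, not a verdict: on Windows 7, Get-AuthenticodeSignature does not consult signature catalogs, so some genuine Windows components report NotSigned.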
19 Mar 2013   #20
Zibeltor

Windows 7 Home Premium 64bit
 
 

Haha, if it stops the interminable blue screens, you don't have to apologize for anything. I would in fact buy you many virtual beers. Here are the screen caps you asked for.


Attached Thumbnails
MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.-screen1.jpg   MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.-screen2.jpg  