Windows 7 Forums

Windows 7: MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.

19 Mar 2013   #31
cottonball

Windows 7 Home Premium
 
 

The installed game does not appear to be flagged as malicious. It is the ISO for the game that is being flagged.

It was located in Drive E:\Torrents\Sleeping.Dogs-SKIDROW\sr-sddvd2.iso a variant of Win32/Packed.VMProtect.AAA trojan

ESET has it quarantined.
Is drive E:\ a fixed drive?


~~~~
Another issue is pointed out by SAS:
Rootkit.Agent/Gen
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\07CCC227213AC080954CC1FC7C451E72\AMD64_MICROSOFT-WINDOWS-LSA_31BF3856AD364E35_6.1.7601.22099_NONE_04A88CE28CC4EB33\LSASS.EXE

Do need that RogueKiller RKreport to see what it shows.

Will be back later...


19 Mar 2013   #32
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

LSASS.EXE correct folder is C:\Windows\System32

This needs to be removed

Code:
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\07CCC227213AC080954CC1FC7C451E72\AMD64_MICROSOFT-WINDOWS-LSA_31BF3856AD364E35_6.1.7601.22099_NONE_04A88CE28CC4EB33\LSASS.EXE
Delete that ISO

@Cottonball

I believe E:\ is either a second HDD or 3rd partition
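Added example, not part of any post in this thread: a Python triage helper that splits the flagged path into the fields of a Windows component directory name (architecture, component, public key token, version, culture, hash) and separates System32, update copies under SoftwareDistribution\Download or WinSxS, and anything else. The `triage` name, the verdict strings and the `C:\Users\Public` sample are assumptions made for illustration; a matching path shape is only a hint, and the file's signature still has to be checked.

```python
import re
from pathlib import PureWindowsPath

# Public key token carried by Windows component identities.
MS_TOKEN = "31bf3856ad364e35"

# Component directory layout: arch_name_token_version_culture_hash
COMPONENT_RE = re.compile(
    r"^(?P<arch>amd64|x86|wow64|msil)_(?P<name>.+)_(?P<token>[0-9a-f]{16})_"
    r"(?P<version>\d+(?:\.\d+){3})_(?P<culture>[^_]+)_(?P<hash>[0-9a-f]{16})$"
)

# Path quoted in the thread (flagged by SAS as Rootkit.Agent/Gen).
FLAGGED = (r"C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD"
           r"\07CCC227213AC080954CC1FC7C451E72"
           r"\AMD64_MICROSOFT-WINDOWS-LSA_31BF3856AD364E35"
           r"_6.1.7601.22099_NONE_04A88CE28CC4EB33"
           r"\LSASS.EXE")
# Constructed sample: same file name in a user-writable folder.
CONSTRUCTED = r"C:\Users\Public\lsass.exe"


def triage(path):
    """Classify the folder a system-named binary sits in (path shape only)."""
    parts = PureWindowsPath(path.lower()).parts
    folders = parts[1:-1]  # drop the drive root and the file name
    if folders == ("windows", "system32"):
        return {"verdict": "expected-location"}
    # Windows Update download cache or the component store.
    staged = (folders[:3] == ("windows", "softwaredistribution", "download")
              or folders[:2] == ("windows", "winsxs"))
    match = COMPONENT_RE.match(folders[-1]) if folders else None
    if staged and match and match["token"] == MS_TOKEN:
        # Looks like an update payload; verify the signature before acting.
        return {"verdict": "servicing-copy", **match.groupdict()}
    return {"verdict": "unexpected-location"}


if __name__ == "__main__":
    for sample in (r"C:\Windows\System32\lsass.exe", FLAGGED, CONSTRUCTED):
        print(sample, "->", triage(sample))
```
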
19 Mar 2013   #33
Zibeltor

Windows 7 Home Premium 64bit
 
 

Here are the two new screens. And regarding Sleeping Dogs, I just tried to uninstall it and can't, getting this error message: Runtime Error (at 175:1185):

Cannot open file C:\Users\Carl\AppData\Local\Temp\is-MQEF8.tmp\1.bmp

I kind of doubt that file is the evil virus though? I mean, thousands of people downloaded that file without incident...

@Cottonball: I appreciate the help, but I'm honestly so tired of fruitlessly running scans all (of the last three) days. I have no idea what vistaking is on to, but I wanna let him run down his theory first.

Edit: I went ahead and deleted the offending iso. When you say "this needs to be removed" you just want me to go into my directory, find that file, press delete and everything will be fixed? O.o


19 Mar 2013   #34
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Theory? The keys I'm telling you to look at are where programs are placed to run as soon as the PC starts.

Thousands of people do if that but I guess you're the lucky one and got the virus you're trying to remove.

If you do not want my help all you have to do is say it and not speculate some type of theories that I am having you look at. Any program that anyone would tell you to scan with will look for those keys that I asked you to look at.
19 Mar 2013   #35
Zibeltor

Windows 7 Home Premium 64bit
 
 

I didn't mean to imply that you didn't know what you were doing Vistaking. It says you are the Windows 7 guru right under your name. I was saying that I don't know what you're doing. Just because I don't know what you're doing doesn't mean I won't follow your advice. :P

I went ahead and deleted the iso. Should I go ahead and delete that other, much longer thing? (C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\07CCC227213AC080954CC1FC7C451E72\AMD64_MICROSOFT-WINDOWS-LSA_31BF3856AD364E35_6.1.7601.22099_NONE_04A88CE28CC4EB33\LSASS.EXE )

EDIT: Well, I went ahead and looked for the much longer thing, but couldn't find any such thing to delete. I have included the screen cap for your perusal.


19 Mar 2013   #36
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Zibeltor

Your MSE is the one who discovered the virus. Do a quick scan inside MSE if possible now that you went ahead and deleted the .iso file.
19 Mar 2013   #37
Zibeltor

Windows 7 Home Premium 64bit
 
 

Alrighty, I'm running the scan now. I just found out I misspoke when I said it was MSE that found the virus. x.x It wasn't Microsoft Security Essentials; it was another program called Microsoft Safety Scanner. Anyway, I'm running the Microsoft Safety Scanner to see if it can find that virus again. Thanks so much for your help vistaking! I'll edit this post when the scan is finished.
19 Mar 2013   #38
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Zibeltor

You have mentioned that you had blue screens. Follow the tutorial below:

Blue Screen of Death (BSOD) Posting Instructions
19 Mar 2013   #39
Zibeltor

Windows 7 Home Premium 64bit
 
 

x.x I came back to check the scan, but my computer had already blue screened again. I'll run the scan again, and try to edit this post with the bluescreen info that the other thread requested. I'm a little busy right now though, so I might not get to it until later tonight.
19 Mar 2013   #40
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Take your time. We are here to help.

ADDED:
Noticed you also have Daemon Tools. We've come across a lot with members here having it and having blue screens. Do the steps below.

Daemon Tools uses SCSI Pass Through Direct (SPTD), which is a well known BSOD causer. Uninstall Daemon Tools. Then download SPTD standalone installer
download FOR 64-bit OS
download FOR 32-bit OS
and execute the downloaded file as guided below:
Double click to open it.
Click this button only:

Note
If it is grayed out, as in the picture, there is no more SPTD in your system, and you just close the window.