Windows 7 Forums


Windows 7: Virtool win32 Obfuscator.xz detected w/ MSE


22 Mar 2013   #21

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Quadra, try right clicking on the CKscanner.exe and choose Run as Administrator.



22 Mar 2013   #22

Windows 7 Home Premium 64 Bit SP1
 
 

@VistaKing Thanks, got it to work, just left mouse alone and let it do its thing. Posted results in my previous post via an edit.
22 Mar 2013   #23

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

For the programs that Cottonball has you use, you would need to right click on them and choose Run as administrator. That is only needed in Windows 7 and Vista. Windows XP doesn't require that.


22 Mar 2013   #24

Windows 7 Home Premium
 
 

Quadra,

ESET is normally effective at finding cracks, serials and keygens on a system, and your report presents a quandary.

I am not into gaming, but, there is a CheatEngine showing there, and numerous entries identifying a Win32/GameHack application in C:\Users\Squall\Downloads\

You mention:
Quote:
These are modifications for the games I own.
What kind of modification? Are these "modifications" legal?

Any unauthorized user of copyrighted or patented material is considered engaging in software piracy.

The next step is to run ESET once again, and check the option: Remove found threats

I need to talk to someone here who has first-hand knowledge of the policies of this forum.
In forums where I also work, assisting anyone suspected of having obtained their software illegally is not allowed.
22 Mar 2013   #25

Windows 7 Home Premium 64 Bit SP1
 
 

@Cottonball I will run ESET as instructed.

In regards to CheatEngine and the modifications, they are legal. I use them to modify certain values in my games. For example, I may be playing a game where I want my character to be invincible or wear certain armor or use a certain weapon. I'll use CheatEngine (in the case of invincibility) to find the address for my character's health and change that value to the point where my character cannot die.

Here's a simple description of CheatEngine and its uses. Cheat Engine - Wikipedia, the free encyclopedia
Here's a description of the modifications. Trainer (games) - Wikipedia, the free encyclopedia
23 Mar 2013   #26

Windows 7 Home Premium 64 Bit SP1
 
 

Results of second ESET using threat removal.

C:\Users\All Users\Codecv\bhoclass.dll a variant of Win32/Adware.MultiPlug.B application
C:\ProgramData\Codecv\bhoclass.dll a variant of Win32/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRHE5WVN\4f79ed8629923[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRHE5WVN\optimizerpro[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Temp\Addons\{A4951A8C-DEB0-54C5-B62E-96927F76387A}\codecc_extension.exe multiple threats cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Temp\Addons\{A4951A8C-DEB0-54C5-B62E-96927F76387A}\OptimizerPro.exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
E:\Users\Administrator\Desktop\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
E:\Users\Administrator\Desktop\Port\GOT+8Tr-LNG.exe a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
E:\Users\Administrator\Downloads\GOT-1100+8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\Downloads\GOT-1300+8Tr-LNG(1).rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\Downloads\GOT-1300+8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\Downloads\GOT_8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\ps3tools\ps3tools\tools\PKG_ContentID.exe probably unknown NewHeur_PE virus deleted - quarantined
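
Added example, not part of the original thread and not ESET's own tooling: a small triage script for scan logs in the layout posted above, listing files that have a detection but no recorded action. It assumes the detection and action phrases seen in this thread, and the default Vista/Windows 7 layout in which "Users\All Users" is a link to "ProgramData" on the same drive, so both paths name one file; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Phrases that open the detection column and the action suffixes, both taken
# from the log format shown in this thread (assumed, not an ESET specification).
DETECTION_START = re.compile(r" (a variant of |multiple threats|probably unknown )")
ACTIONS = ("cleaned by deleting - quarantined", "deleted - quarantined")

# Constructed sample in the same layout; paths and detection names are made up.
SAMPLE = r"""C:\Users\All Users\ExampleApp\helper.dll a variant of Win32/Adware.Example.A application
C:\ProgramData\ExampleApp\helper.dll a variant of Win32/Adware.Example.A application cleaned by deleting - quarantined
D:\Downloads\tool.rar a variant of Win32/Packed.Example.B trojan deleted - quarantined
D:\Downloads\setup[1].exe multiple threats
"""

def parse_line(line):
    """Split one log line into path, detection and action (None if no action)."""
    line = line.strip()
    m = DETECTION_START.search(line)
    if m is None:
        return None  # not a detection line
    path, rest = line[:m.start()], line[m.start():].strip()
    action = next((a for a in ACTIONS if rest.endswith(a)), None)
    detection = rest[:-len(action)].strip() if action else rest
    return {"path": path, "detection": detection, "action": action}

def canonical(path):
    """Lower-case the path and map the 'All Users' alias onto ProgramData."""
    return re.sub(r"^([a-z]):\\users\\all users\\", r"\1:\\programdata\\", path.lower())

def unremediated(log_text):
    """Return canonical paths that have a detection but no recorded action."""
    by_file = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_file[canonical(rec["path"])].append(rec)
    return sorted(p for p, recs in by_file.items()
                  if not any(r["action"] for r in recs))

if __name__ == "__main__":
    for path in unremediated(SAMPLE):
        print("no action recorded:", path)
```

Without the alias mapping, the first sample line would be reported as still present even though the same file was cleaned under its ProgramData path.
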
23 Mar 2013   #27
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
23 Mar 2013   #28

Windows 7 Home Premium 64 Bit SP1
 
 

Hello Jacee,

As requested Farbar log:

Farbar Service Scanner Version: 03-03-2013
Ran by Administrator (administrator) on 23-03-2013 at 14:28:11
Running from "E:\Users\Administrator\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
E:\Windows\System32\nsisvc.dll => MD5 is legit
E:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
E:\Windows\System32\dhcpcore.dll => MD5 is legit
E:\Windows\System32\drivers\afd.sys => MD5 is legit
E:\Windows\System32\drivers\tdx.sys => MD5 is legit
E:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
E:\Windows\System32\dnsrslvr.dll => MD5 is legit
E:\Windows\System32\mpssvc.dll => MD5 is legit
E:\Windows\System32\bfe.dll => MD5 is legit
E:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
E:\Windows\System32\SDRSVC.dll => MD5 is legit
E:\Windows\System32\vssvc.exe => MD5 is legit
E:\Windows\System32\wscsvc.dll => MD5 is legit
E:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
E:\Windows\System32\wuaueng.dll => MD5 is legit
E:\Windows\System32\qmgr.dll => MD5 is legit
E:\Windows\System32\es.dll => MD5 is legit
E:\Windows\System32\cryptsvc.dll => MD5 is legit
E:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
E:\Windows\System32\svchost.exe => MD5 is legit
E:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
23 Mar 2013   #29

Home Basic 64 bit
 
 

All I guess is it must be a false positive if it is really a Reloaded upload, because MSE detects every crack also as a virus, while they do not harm or act like any trojan which sends your private info to someone else. That is why I removed MSE from my PC.
23 Mar 2013   #30

Windows 7 Home Premium
 
 

Quadra,

Back to:
E:\Users\Administrator\Desktop\FNIS\fa\NBA.2k13-RELOADED.ISO
E:\Program Files (x86)\2k Sports\NBA 2k13\rld.dll

Let's do some searching...

Please download SystemLook.

64-bit:
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
Save to your Desktop.

Right-click on SystemLook.exe, and select: Run As Administrator

Copy the content inside the following quote box into the main textfield:

Quote:
:filefind
E:\Users\Administrator\Desktop\FNIS\fa\NBA.2k13-RELOADED.ISO
E:\Program Files (x86)\2k Sports\NBA 2k13\rld.dll

Click the Look button to start the scan.

When finished, a notepad window opens with the results.

Please post the SystemLook.txt (found on the Desktop) in your reply