Windows 7 Forums



Windows 7: Virtool win32 Obfuscator.xz detected w/ MSE

22 Mar 2013   #21
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Quadra, try right clicking on the CKscanner.exe and choose Run as Administrator.



22 Mar 2013   #22
Quadra

Windows 7 Home Premium 64 Bit SP1
 
 

@VistaKing Thanks, got it to work, just left mouse alone and let it do its thing. Posted results in my previous post via an edit.
22 Mar 2013   #23
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

The programs that Cottonball has you use, you would need to right click on them and choose Run as administrator. That is only needed in Windows 7 and Vista. Windows XP doesn't require that.


22 Mar 2013   #24
cottonball

Windows 7 Home Premium
 
 

Quadra,

ESET is normally effective at finding cracks, serials and keygens on a system, and your report presents a quandary.

I am not into gaming, but, there is a CheatEngine showing there, and numerous entries identifying a Win32/GameHack application in C:\Users\Squall\Downloads\

You mention:
Quote:
These are modifications for the games I own.
What kind of modification? Are these "modifications" legal?

Any unauthorized user of copyrighted or patented material is considered engaging in software piracy.

The next step is to run ESET once again, and check the option: Remove found threats

I need to talk to someone here that has first-hand knowledge of the policies of this forum.
In forums where I also work, assisting anyone suspected of having obtained their software illegally is not allowed.
22 Mar 2013   #25
Quadra

Windows 7 Home Premium 64 Bit SP1
 
 

@ Cottonball I will run ESET as instructed.

In regards to CheatEngine and the modifications, they are legal. I use them to modify certain values in my games. For example, I may be playing a game where I want my character to be invincible or wear certain armor or use a certain weapon. I'll use CheatEngine (in the case of invincibility) to find the address for my character's health and change that value to the point where my character cannot die.

Here's a simple description of CheatEngine and its uses. Cheat Engine - Wikipedia, the free encyclopedia
Here's a description of the modifications. Trainer (games) - Wikipedia, the free encyclopedia
23 Mar 2013   #26
Quadra

Windows 7 Home Premium 64 Bit SP1
 
 

Results of second ESET using threat removal.

C:\Users\All Users\Codecv\bhoclass.dll a variant of Win32/Adware.MultiPlug.B application
C:\ProgramData\Codecv\bhoclass.dll a variant of Win32/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRHE5WVN\4f79ed8629923[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRHE5WVN\optimizerpro[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Temp\Addons\{A4951A8C-DEB0-54C5-B62E-96927F76387A}\codecc_extension.exe multiple threats cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Temp\Addons\{A4951A8C-DEB0-54C5-B62E-96927F76387A}\OptimizerPro.exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
E:\Users\Administrator\Desktop\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
E:\Users\Administrator\Desktop\Port\GOT+8Tr-LNG.exe a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
E:\Users\Administrator\Downloads\GOT-1100+8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\Downloads\GOT-1300+8Tr-LNG(1).rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\Downloads\GOT-1300+8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\Downloads\GOT_8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\ps3tools\ps3tools\tools\PKG_ContentID.exe probably unknown NewHeur_PE virus deleted - quarantined
23 Mar 2013   #27
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
23 Mar 2013   #28
Quadra

Windows 7 Home Premium 64 Bit SP1
 
 

Hello Jacee,

As requested Farbar log:

Farbar Service Scanner Version: 03-03-2013
Ran by Administrator (administrator) on 23-03-2013 at 14:28:11
Running from "E:\Users\Administrator\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
E:\Windows\System32\nsisvc.dll => MD5 is legit
E:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
E:\Windows\System32\dhcpcore.dll => MD5 is legit
E:\Windows\System32\drivers\afd.sys => MD5 is legit
E:\Windows\System32\drivers\tdx.sys => MD5 is legit
E:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
E:\Windows\System32\dnsrslvr.dll => MD5 is legit
E:\Windows\System32\mpssvc.dll => MD5 is legit
E:\Windows\System32\bfe.dll => MD5 is legit
E:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
E:\Windows\System32\SDRSVC.dll => MD5 is legit
E:\Windows\System32\vssvc.exe => MD5 is legit
E:\Windows\System32\wscsvc.dll => MD5 is legit
E:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
E:\Windows\System32\wuaueng.dll => MD5 is legit
E:\Windows\System32\qmgr.dll => MD5 is legit
E:\Windows\System32\es.dll => MD5 is legit
E:\Windows\System32\cryptsvc.dll => MD5 is legit
E:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
E:\Windows\System32\svchost.exe => MD5 is legit
E:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
23 Mar 2013   #29
georgehagi

Home Basic 64 bit
 
 

All I guess is it must be a false positive if it is really a reloaded upload, because MSE detects every crack also as a virus while they do not harm or act like any trojan which sends your private info to someone else. That is why I removed MSE from my PC.
23 Mar 2013   #30
cottonball

Windows 7 Home Premium
 
 

Quadra,

Back to:
E:\Users\Administrator\Desktop\FNIS\fa\NBA.2k13-RELOADED.ISO
E:\Program Files (x86)\2k Sports\NBA 2k13\rld.dll

Let's do some searching...

Please download SystemLook.

64-bit:
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
Save to your Desktop.

Right-click on SystemLook.exe, and select: Run As Administrator

Copy the content inside the following quote box into the main textfield:

Quote:
:filefind
E:\Users\Administrator\Desktop\FNIS\fa\NBA.2k13-RELOADED.ISO
E:\Program Files (x86)\2k Sports\NBA 2k13\rld.dll
Click the Look button to start the scan.

When finished, a notepad window opens with the results.

Please post the SystemLook.txt (found on the Desktop) in your reply